From 617535e5903905a1139edd9a97f721e14fa96d86 Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Tue, 22 Jul 2025 10:00:20 -0400 Subject: [PATCH 1/7] keyid as text string --- src/BPSecLib_Private.h | 11 +++++- src/CryptoInterface.h | 10 ++--- src/backend/CryptoInterface.c | 28 +++++++++----- src/backend/SecParam.c | 14 +++++++ src/security_context/BCB_AES_GCM.c | 15 ++++---- src/security_context/BIB_HMAC_SHA2.c | 10 +++-- .../DefaultSecContext_Private.h | 4 +- test/bsl_test_utils.c | 10 ++--- test/bsl_test_utils.h | 14 +++---- test/test_BackendSecurityContext.c | 19 +++++----- test/test_CryptoInterface.c | 38 +++++++++---------- test/test_PublicInterfaceImpl.c | 4 +- 12 files changed, 107 insertions(+), 70 deletions(-) diff --git a/src/BPSecLib_Private.h b/src/BPSecLib_Private.h index 6532fad8..666ac0f0 100644 --- a/src/BPSecLib_Private.h +++ b/src/BPSecLib_Private.h @@ -627,6 +627,7 @@ enum BSL_SecParam_Types_e BSL_SECPARAM_TYPE_UNKNOWN = 0, ///< Inidcates parsed value not of expected type. BSL_SECPARAM_TYPE_INT64, ///< Indicates value type is an unsigned integer. BSL_SECPARAM_TYPE_BYTESTR, ///< Indicates the value type is a byte string. + BSL_SECPARAM_TYPE_STR }; /** Defines supplementary Security Paramter type used internally by @@ -639,7 +640,7 @@ typedef enum BSL_SECPARAM_TYPE_INT_STARTINDEX = 1000, /// @brief Used to pass in a key id found in the key registry. - BSL_SECPARAM_TYPE_INT_KEY_ID, + BSL_SECPARAM_TYPE_KEY_ID, /// @brief Used by tests to pass in a specific key bytestring BSL_SECPARAM_TYPE_INT_FIXED_KEY, 
@@ -700,6 +701,14 @@ int BSL_SecParam_InitBytestr(BSL_SecParam_t *self, uint64_t param_id, BSL_Data_t */ int BSL_SecParam_InitInt64(BSL_SecParam_t *self, uint64_t param_id, uint64_t value); +/** + * @param self This Security Paramter + * @param param_id ID of the parameter + * @param value text string of the parameter + * @returns Negative on an error. + */ +int BSL_SecParam_InitStr(BSL_SecParam_t *self, uint64_t param_id, const char* value); + /** Returns true when the value type is an integer. * * @param self This Security Parameter diff --git a/src/CryptoInterface.h b/src/CryptoInterface.h index 53123c24..d4b6b815 100644 --- a/src/CryptoInterface.h +++ b/src/CryptoInterface.h @@ -141,7 +141,7 @@ void BSL_CryptoDeinit(void); * @return 0 if successful */ BSL_REQUIRE_CHECK -int BSL_AuthCtx_Init(BSL_AuthCtx_t *hmac_ctx, uint64_t keyid, BSL_CryptoCipherSHAVariant_e sha_var); +int BSL_AuthCtx_Init(BSL_AuthCtx_t *hmac_ctx, const char *keyid, BSL_CryptoCipherSHAVariant_e sha_var); /** * Input data to HMAC sign to context @@ -180,13 +180,13 @@ int BSL_AuthCtx_Deinit(BSL_AuthCtx_t *hmac_ctx); /** * @todo Doxygen */ -int BSL_Crypto_UnwrapKey(BSL_Data_t *unwrapped_key_output, BSL_Data_t wrapped_key_plaintext, size_t key_id, +int BSL_Crypto_UnwrapKey(BSL_Data_t *unwrapped_key_output, BSL_Data_t wrapped_key_plaintext, const char *key_id, size_t aes_variant); /** * @todo Doxygen */ -int BSL_Crypto_WrapKey(BSL_Data_t *wrapped_key, BSL_Data_t cek, size_t content_key_id, size_t aes_variant); +int BSL_Crypto_WrapKey(BSL_Data_t *wrapped_key, BSL_Data_t cek, const char *content_key_id, size_t aes_variant); /** * Initialize crypto context resources and set as encoding or decoding 
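Review bot: The Doxygen block added for `BSL_SecParam_InitStr` has no brief line and leaves the string contract unstated, unlike the neighbouring declarations. Going by the implementation this patch adds in src/backend/SecParam.c, the text is copied into the parameter and the stored length excludes the terminator, so callers need to be told that `value` must be non-NULL and NUL-terminated, and what length is accepted. Suggested opening line: `/** Initialize as a parameter containing a text string; the bytes are copied and the terminator is not counted in the length.`, with the `@param value` line extended to state the non-NULL / NUL-terminated requirement and the maximum length once one is enforced.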
@@ -208,7 +208,7 @@ int BSL_Cipher_Init(BSL_Cipher_t *cipher_ctx, BSL_CipherMode_e enc, BSL_CryptoCi * @param[out] secret_len Pointer to the stored secret length, if successful. * @return Zero upon success. */ -int BSLB_Crypto_GetRegistryKey(uint64_t keyid, const uint8_t **secret, size_t *secret_len); +int BSLB_Crypto_GetRegistryKey(const char *keyid, const uint8_t **secret, size_t *secret_len); /** * Add additional authenticated data (AAD) to cipher context @@ -284,7 +284,7 @@ int BSL_Crypto_GenIV(void *buf, int size); * @param secret_len length of raw key * @return Zero upon success. */ -int BSL_Crypto_AddRegistryKey(uint64_t keyid, const uint8_t *secret, size_t secret_len); +int BSL_Crypto_AddRegistryKey(const char *keyid, const uint8_t *secret, size_t secret_len); #ifdef __cplusplus } // extern C diff --git a/src/backend/CryptoInterface.c b/src/backend/CryptoInterface.c index 520add4b..db9c28d5 100644 --- a/src/backend/CryptoInterface.c +++ b/src/backend/CryptoInterface.c @@ -27,6 +27,7 @@ #include #include +#include #include #include @@ -53,7 +54,7 @@ static int BSLB_CryptoKey_Deinit(BSLB_CryptoKey_t *key) /// @cond Doxygen_Suppress #define M_OPL_BSLB_CryptoKey_t() M_OPEXTEND(M_POD_OPLIST, CLEAR(API_2(BSLB_CryptoKey_Deinit))) /// Stable dict of crypto keys (key: key ID | value: key) -DICT_DEF2(BSLB_CryptoKeyDict, uint64_t, M_BASIC_OPLIST, BSLB_CryptoKey_t, M_OPL_BSLB_CryptoKey_t()) +DICT_DEF2(BSLB_CryptoKeyDict, string_t, STRING_OPLIST, BSLB_CryptoKey_t, M_OPL_BSLB_CryptoKey_t()) /// @endcond /// Crypto key registry @@ -71,7 +72,7 @@ void BSL_CryptoDeinit(void) BSLB_CryptoKeyDict_clear(StaticKeyRegistry); } -int BSL_Crypto_UnwrapKey(BSL_Data_t *unwrapped_key_output, BSL_Data_t wrapped_key_plaintext, size_t key_id, +int BSL_Crypto_UnwrapKey(BSL_Data_t *unwrapped_key_output, BSL_Data_t wrapped_key_plaintext, const char *key_id, size_t aes_variant) { const EVP_CIPHER *cipher = (aes_variant == BSL_CRYPTO_AES_128) ? EVP_aes_128_wrap() : EVP_aes_256_wrap(); 
@@ -117,7 +118,7 @@ int BSL_Crypto_UnwrapKey(BSL_Data_t *unwrapped_key_output, BSL_Data_t wrapped_ke return 0; } -int BSL_Crypto_WrapKey(BSL_Data_t *wrapped_key, BSL_Data_t cek, size_t content_key_id, size_t aes_variant) +int BSL_Crypto_WrapKey(BSL_Data_t *wrapped_key, BSL_Data_t cek, const char *content_key_id, size_t aes_variant) { const EVP_CIPHER *cipher = (aes_variant == BSL_CRYPTO_AES_128) ? EVP_aes_128_wrap() : EVP_aes_256_wrap(); EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); @@ -166,7 +167,7 @@ int BSL_Crypto_WrapKey(BSL_Data_t *wrapped_key, BSL_Data_t cek, size_t content_k return 0; } -int BSL_AuthCtx_Init(BSL_AuthCtx_t *hmac_ctx, uint64_t keyid, BSL_CryptoCipherSHAVariant_e sha_var) +int BSL_AuthCtx_Init(BSL_AuthCtx_t *hmac_ctx, const char *keyid, BSL_CryptoCipherSHAVariant_e sha_var) { CHK_ARG_NONNULL(hmac_ctx); @@ -192,8 +193,11 @@ int BSL_AuthCtx_Init(BSL_AuthCtx_t *hmac_ctx, uint64_t keyid, BSL_CryptoCipherSH return BSL_ERR_FAILURE; } + string_t keyid_str; + string_init_set_str(keyid_str, keyid); + pthread_mutex_lock(&StaticCryptoMutex); - const BSLB_CryptoKey_t *key_info = BSLB_CryptoKeyDict_cget(StaticKeyRegistry, keyid); + const BSLB_CryptoKey_t *key_info = BSLB_CryptoKeyDict_cget(StaticKeyRegistry, keyid_str); if (key_info == NULL) { // Special case which should not happen @@ -429,7 +433,7 @@ int BSL_Crypto_GenIV(void *buf, int size) return 0; } -int BSL_Crypto_AddRegistryKey(uint64_t keyid, const uint8_t *secret, size_t secret_len) +int BSL_Crypto_AddRegistryKey(const char *keyid, const uint8_t *secret, size_t secret_len) { CHK_ARG_NONNULL(secret); CHK_ARG_EXPR(secret_len > 0); 
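Review bot: `keyid` reaches `string_init_set_str` without a NULL check and the temporary `keyid_str` is never released in the lines shown, in `BSL_AuthCtx_Init` here and again in `BSL_Crypto_AddRegistryKey` and `BSLB_Crypto_GetRegistryKey` in the later hunk of this file. In `BSL_Crypto_AddRegistryKey` the hunk runs straight from `BSLB_CryptoKeyDict_set_at` to `return 0;`, so each registration appears to leak the string's storage (assuming the dict copies its key, as the string oplist normally does). The other two functions continue outside their hunks, so every return path after the init needs checking there. Suggest `CHK_ARG_NONNULL(keyid);` beside the existing argument checks and `string_clear(keyid_str);` after `pthread_mutex_unlock(&StaticCryptoMutex);`, once the looked-up entry is no longer needed.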
@@ -451,20 +455,26 @@ int BSL_Crypto_AddRegistryKey(uint64_t keyid, const uint8_t *secret, size_t secr return ecode; } + string_t keyid_str; + string_init_set_str(keyid_str, keyid); + pthread_mutex_lock(&StaticCryptoMutex); - BSLB_CryptoKeyDict_set_at(StaticKeyRegistry, keyid, key); + BSLB_CryptoKeyDict_set_at(StaticKeyRegistry, keyid_str, key); pthread_mutex_unlock(&StaticCryptoMutex); return 0; } -int BSLB_Crypto_GetRegistryKey(uint64_t keyid, const uint8_t **secret, size_t *secret_len) +int BSLB_Crypto_GetRegistryKey(const char *keyid, const uint8_t **secret, size_t *secret_len) { CHK_ARG_NONNULL(secret); // CHK_ARG_NONNULL(secret_len); // Note: secret_len CAN be NULL - this maybe should be fixed. + string_t keyid_str; + string_init_set_str(keyid_str, keyid); + pthread_mutex_lock(&StaticCryptoMutex); - const BSLB_CryptoKey_t *found = BSLB_CryptoKeyDict_cget(StaticKeyRegistry, keyid); + const BSLB_CryptoKey_t *found = BSLB_CryptoKeyDict_cget(StaticKeyRegistry, keyid_str); if (!found) { diff --git a/src/backend/SecParam.c b/src/backend/SecParam.c index fe306c41..263ad9f7 100644 --- a/src/backend/SecParam.c +++ b/src/backend/SecParam.c @@ -31,6 +31,20 @@ size_t BSL_SecParam_Sizeof(void) return sizeof(BSL_SecParam_t); } +int BSL_SecParam_InitStr(BSL_SecParam_t *self, uint64_t param_id, const char* value) +{ + CHK_ARG_NONNULL(self); + CHK_ARG_EXPR(value != NULL); + + memset(self, 0, sizeof(*self)); + self->param_id = param_id; + self->_type = BSL_SECPARAM_TYPE_STR; + self->_bytelen = strlen(value); + memcpy(self->_bytes, value, strlen(value)); + + return BSL_SUCCESS; +} + int BSL_SecParam_InitBytestr(BSL_SecParam_t *self, uint64_t param_id, BSL_Data_t value) { CHK_ARG_NONNULL(self); diff --git a/src/security_context/BCB_AES_GCM.c b/src/security_context/BCB_AES_GCM.c index 6c2d9133..38fd41b4 100644 --- a/src/security_context/BCB_AES_GCM.c +++ b/src/security_context/BCB_AES_GCM.c 
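Review bot: `BSL_SecParam_InitStr` copies `strlen(value)` bytes into `self->_bytes` with no upper bound, so a key ID longer than that buffer writes past the parameter. `_bytes` looks like an array embedded in the struct, since it is written right after the `memset` of `*self`, though its declaration is outside this diff. The readers added in BCB_AES_GCM.c and BIB_HMAC_SHA2.c cast the stored pointer to `char *`, which also depends on a zero byte remaining after the copied text. Take the length once and reject anything that leaves no room for the terminator: `const size_t len = strlen(value);` then `CHK_ARG_EXPR(len < sizeof(self->_bytes));` before the `memcpy`, reusing `len` for `_bytelen` and the copy.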
@@ -105,7 +105,7 @@ static int BSLX_BCB_Decrypt(BSLX_BCB_t *bcb_context) CHK_PRECONDITION(bcb_context->aad.len > 0); // Key must have been set (this feeds the key encryption key) - CHK_PRECONDITION(bcb_context->key_id > 0); + CHK_PRECONDITION(bcb_context->key_id); // BTSD replacement is not yet allocated CHK_PRECONDITION(bcb_context->btsd_replacement.ptr != NULL); @@ -224,7 +224,7 @@ int BSLX_BCB_Encrypt(BSLX_BCB_t *bcb_context) CHK_PRECONDITION(bcb_context->aad.len > 0); // Must have a key ID from the security operation parameters - CHK_PRECONDITION(bcb_context->key_id > 0); + CHK_PRECONDITION(bcb_context->key_id); // BTSD replacement is not yet allocated CHK_PRECONDITION(bcb_context->btsd_replacement.ptr != NULL); @@ -469,12 +469,13 @@ int BSLX_BCB_GetParams(const BSL_BundleRef_t *bundle, BSLX_BCB_t *bcb_context, c } break; } - case BSL_SECPARAM_TYPE_INT_KEY_ID: + case BSL_SECPARAM_TYPE_KEY_ID: { - assert(is_int); - bcb_context->key_id = BSL_SecParam_GetAsUInt64(param); - BSL_LOG_DEBUG("Param[%lu]: KEY_ID value = %lu", param_id, bcb_context->key_id); - BSL_LOG_DEBUG("Key ID = %lu", bcb_context->key_id); + assert(!is_int); + BSL_Data_t res; + assert(BSL_SUCCESS == BSL_SecParam_GetAsBytestr(param, &res)); + bcb_context->key_id = (char *) res.ptr; + BSL_LOG_DEBUG("Param[%lu]: KEY_ID value = %s", param_id, bcb_context->key_id); break; } case BSL_SECPARAM_TYPE_INT_FIXED_KEY: diff --git a/src/security_context/BIB_HMAC_SHA2.c b/src/security_context/BIB_HMAC_SHA2.c index fcb9c9ee..d9d2878a 100644 --- a/src/security_context/BIB_HMAC_SHA2.c +++ b/src/security_context/BIB_HMAC_SHA2.c @@ -111,7 +111,7 @@ int BSLX_BIB_InitFromSecOper(BSLX_BIB_t *self, const BSL_SecOper_t *sec_oper) memset(self, 0, sizeof(*self)); self->sha_variant = -1; self->integrity_scope_flags = -1; - self->key_id = -1; + self->key_id = ""; for (size_t param_index = 0; param_index < BSL_SecOper_CountParams(sec_oper); param_index++) { 
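Review bot: In the `BSL_SECPARAM_TYPE_KEY_ID` case of `BSLX_BCB_GetParams`, the call `BSL_SecParam_GetAsBytestr(param, &res)` sits inside `assert()`, so a build with `NDEBUG` drops the call and `bcb_context->key_id` is taken from an uninitialised `res.ptr`. The matching hunk in BIB_HMAC_SHA2.c makes the call but ignores its result, with the same effect on failure. Make the call unconditionally and fail the operation on error, e.g. `if (BSL_SecParam_GetAsBytestr(param, &res) != BSL_SUCCESS)` followed by the function's usual error return, which is not visible in this hunk. `assert(!is_int)` is likewise the only type check on a value that is then logged with `%s` and used as the registry lookup key, so it should be a runtime check that also holds in release builds. The enclosing function starts and ends outside the hunk.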
@@ -124,10 +124,12 @@ int BSLX_BIB_InitFromSecOper(BSLX_BIB_t *self, const BSL_SecOper_t *sec_oper) int_val = BSL_SecParam_GetAsUInt64(param); } - if (param_id == BSL_SECPARAM_TYPE_INT_KEY_ID) + if (param_id == BSL_SECPARAM_TYPE_KEY_ID) { - assert(is_int); - self->key_id = int_val; + assert(!is_int); + BSL_Data_t res; + BSL_SecParam_GetAsBytestr(param, &res); + self->key_id = (char *) res.ptr; } else if (param_id == BSL_SECPARAM_TYPE_INT_FIXED_KEY) { diff --git a/src/security_context/DefaultSecContext_Private.h b/src/security_context/DefaultSecContext_Private.h index b89f1526..cdb05c57 100644 --- a/src/security_context/DefaultSecContext_Private.h +++ b/src/security_context/DefaultSecContext_Private.h @@ -62,7 +62,7 @@ BSL_Data_t BSLX_Bytestr_AsData(BSLX_Bytestr_t *self); typedef struct BSLX_BIB_s { - int64_t key_id; + const char* key_id; BSL_PrimaryBlock_t primary_block; BSL_CanonicalBlock_t target_block; BSL_CanonicalBlock_t sec_block; @@ -85,7 +85,7 @@ int BSLX_BIB_GenHMAC(BSLX_BIB_t *self, BSL_Data_t ippt_data); typedef struct BSLX_BCB_s { size_t err_count; - uint64_t key_id; + const char* key_id; // Data wrappers and containers for borrowed and owned/allocated buffers // These will ALL be deinitialized at the end, so _Deinit MUST be called. diff --git a/test/bsl_test_utils.c b/test/bsl_test_utils.c index fe62ec51..58d917cd 100644 --- a/test/bsl_test_utils.c +++ b/test/bsl_test_utils.c 
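Review bot: The `key_id` members of `BSLX_BIB_s` and `BSLX_BCB_s` become `const char*` here, but nothing documents who owns the text they point to. The context hunks in this patch assign them from `res.ptr` of the security parameter (and, for BIB, from the literal `""`), so they apparently borrow storage that must outlive the context and must not be released by the `_Deinit` functions. Suggested member comment on both: `/// Borrowed, NUL-terminated key ID; points into the security parameter and is not owned by this context.`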
@@ -39,11 +39,11 @@ field.len = sizeof(tgt); \ field.ptr = (uint8_t *)tgt -void BSL_TestUtils_InitBIB_AppendixA1(BIBTestContext *context, BSL_SecRole_e role, uint64_t key_id) +void BSL_TestUtils_InitBIB_AppendixA1(BIBTestContext *context, BSL_SecRole_e role, const char *key_id) { quick_data(context->hmac, ApxA1_HMAC); - BSL_SecParam_InitInt64(&context->param_test_key, BSL_SECPARAM_TYPE_INT_KEY_ID, key_id); + BSL_SecParam_InitStr(&context->param_test_key, BSL_SECPARAM_TYPE_KEY_ID, key_id); BSL_SecParam_InitInt64(&context->param_scope_flags, RFC9173_BIB_PARAMID_INTEG_SCOPE_FLAG, 0); BSL_SecParam_InitInt64(&context->param_sha_variant, RFC9173_BIB_PARAMID_SHA_VARIANT, RFC9173_BIB_SHA_HMAC512); BSL_SecParam_InitBytestr(&context->param_hmac, BSL_SECPARAM_TYPE_AUTH_TAG, context->hmac); @@ -64,7 +64,7 @@ void BSL_TestUtils_InitBCB_Appendix2(BCBTestContext *context, BSL_SecRole_e role quick_data(context->content_enc_key, ApxA2_ContentEncKey); BSL_SecParam_InitInt64(&context->param_scope_flags, RFC9173_BCB_SECPARAM_AADSCOPE, 0); - BSL_SecParam_InitInt64(&context->param_test_key_id, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A2_KEY); + BSL_SecParam_InitStr(&context->param_test_key_id, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A2_KEY); BSL_SecParam_InitInt64(&context->param_aes_variant, RFC9173_BCB_SECPARAM_AESVARIANT, RFC9173_BCB_AES_VARIANT_A128GCM); BSL_SecParam_InitBytestr(&context->param_init_vec, RFC9173_BCB_SECPARAM_IV, context->init_vector); 
@@ -220,14 +220,14 @@ BSL_HostEIDPattern_t BSL_TestUtils_GetEidPatternFromText(const char *text) return pat; } -RFC9173_A1_Params BSL_TestUtils_GetRFC9173_A1Params(uint64_t key_id) +RFC9173_A1_Params BSL_TestUtils_GetRFC9173_A1Params(const char* key_id) { RFC9173_A1_Params params = { 0 }; BSL_SecParam_InitInt64(¶ms.sha_variant, RFC9173_TestVectors_AppendixA1.bib_asb_sha_variant_key, RFC9173_TestVectors_AppendixA1.bib_asb_sha_variant_value); BSL_SecParam_InitInt64(¶ms.scope_flags, RFC9173_TestVectors_AppendixA1.bib_asb_scope_flags_key, RFC9173_TestVectors_AppendixA1.bib_asb_scope_flags_value); - BSL_SecParam_InitInt64(¶ms.test_key_id, BSL_SECPARAM_TYPE_INT_KEY_ID, key_id); + BSL_SecParam_InitStr(¶ms.test_key_id, BSL_SECPARAM_TYPE_KEY_ID, key_id); return params; } diff --git a/test/bsl_test_utils.h b/test/bsl_test_utils.h index da2f88c4..4e4aa5cf 100644 --- a/test/bsl_test_utils.h +++ b/test/bsl_test_utils.h @@ -33,15 +33,15 @@ #include /// @brief Key ID for the Appendix A1 key in OpenSSL -#define RFC9173_EXAMPLE_A1_KEY (9100) +#define RFC9173_EXAMPLE_A1_KEY "9100" /// @brief Key ID for the Appendix A2 key in OpenSSL -#define RFC9173_EXAMPLE_A2_KEY (9102) +#define RFC9173_EXAMPLE_A2_KEY "9102" /// @brief Key ID for the Appendix A3 key in OpenSSL -#define RFC9173_EXAMPLE_A3_KEY (9103) +#define RFC9173_EXAMPLE_A3_KEY "9103" -#define RFC9173_EXAMPLE_A4_BCB_KEY (9104) +#define RFC9173_EXAMPLE_A4_BCB_KEY "9104" #define quick_data_t(field, tgt) \ field.len = sizeof(tgt); \ @@ -86,7 +86,7 @@ typedef struct BSL_SecOper_t sec_oper; } BIBTestContext; -void BSL_TestUtils_InitBIB_AppendixA1(BIBTestContext *context, BSL_SecRole_e role, uint64_t key_id); +void BSL_TestUtils_InitBIB_AppendixA1(BIBTestContext *context, BSL_SecRole_e role, const char *key_id); static const uint8_t ApxA2_InitVec[] = { 0x54, 0x77, 0x65, 0x6c, 0x76, 0x65, 0x31, 0x32, 0x31, 0x32, 0x31, 0x32 }; static const uint8_t ApxA2_AuthTag[] = { 0xef, 0xa4, 0xb5, 0xac, 0x01, 0x08, 0xe3, 0x81, 
@@ -276,7 +276,7 @@ typedef struct BSL_SecParam_t test_key_id; } RFC9173_A1_Params; -RFC9173_A1_Params BSL_TestUtils_GetRFC9173_A1Params(uint64_t key_id); +RFC9173_A1_Params BSL_TestUtils_GetRFC9173_A1Params(const char* key_id); typedef struct { @@ -291,7 +291,7 @@ typedef struct uint64_t scope_flag; } RFC9173_AppendixA2_BCB; -RFC9173_A1_Params BSL_TestUtils_GetRFC9173_A2Params(uint64_t key_id); +RFC9173_A1_Params BSL_TestUtils_GetRFC9173_A2Params(const char* key_id); typedef struct BSL_TestContext_s { diff --git a/test/test_BackendSecurityContext.c b/test/test_BackendSecurityContext.c index 0eceb520..d353f005 100644 --- a/test/test_BackendSecurityContext.c +++ b/test/test_BackendSecurityContext.c @@ -180,7 +180,8 @@ void test_SecurityContext_BIB_Verifier_Failure(void) BSL_TestUtils_InitBIB_AppendixA1(&bib_test_context, BSL_SECROLE_VERIFIER, RFC9173_EXAMPLE_A2_KEY); // Note - switch to use the WRONG KEY - bib_test_context.param_test_key._uint_value = RFC9173_EXAMPLE_A2_KEY; + memcpy(bib_test_context.param_test_key._bytes, RFC9173_EXAMPLE_A2_KEY, strlen(RFC9173_EXAMPLE_A2_KEY)); + bib_test_context.param_test_key._bytelen = strlen(RFC9173_EXAMPLE_A2_KEY); BSL_SecurityActionSet_t *malloced_actionset = BSL_TestUtils_InitMallocBIBActionSet(&bib_test_context); BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse(); @@ -267,7 +268,7 @@ void test_RFC9173_AppendixA_Example3_Acceptor(void) TEST_ASSERT_EQUAL(4, primary_block.block_count); BSL_SecParam_t param_key = { 0 }; - BSL_SecParam_InitInt64(¶m_key, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A1_KEY); + BSL_SecParam_InitStr(¶m_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A1_KEY); BSL_SecOper_t bib_oper_primary = { 0 }; BSL_SecOper_Init(&bib_oper_primary, 1, 0, 3, BSL_SECBLOCKTYPE_BIB, BSL_SECROLE_ACCEPTOR, BSL_POLICYACTION_DROP_BLOCK); 
@@ -278,7 +279,7 @@ void test_RFC9173_AppendixA_Example3_Acceptor(void) BSL_SecOper_AppendParam(&bib_oper_ext_block, ¶m_key); BSL_SecParam_t bcb_param_key = { 0 }; - BSL_SecParam_InitInt64(&bcb_param_key, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A3_KEY); + BSL_SecParam_InitStr(&bcb_param_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A3_KEY); BSL_SecOper_t bcb_oper = { 0 }; BSL_SecOper_Init(&bcb_oper, 2, 1, 4, BSL_SECBLOCKTYPE_BCB, BSL_SECROLE_ACCEPTOR, BSL_POLICYACTION_DROP_BLOCK); BSL_SecOper_AppendParam(&bcb_oper, &bcb_param_key); @@ -317,7 +318,7 @@ void test_RFC9173_AppendixA_Example3_Source(void) TEST_ASSERT_EQUAL(2, primary_block.block_count); BSL_SecParam_t param_key = { 0 }; - BSL_SecParam_InitInt64(¶m_key, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A1_KEY); + BSL_SecParam_InitStr(¶m_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A1_KEY); BSL_SecParam_t param_sha_var = { 0 }; BSL_SecParam_InitInt64(¶m_sha_var, RFC9173_BIB_PARAMID_SHA_VARIANT, RFC9173_BIB_SHA_HMAC256); @@ -339,7 +340,7 @@ void test_RFC9173_AppendixA_Example3_Source(void) BSL_SecOper_AppendParam(&bib_oper_ext_block, ¶m_integ_scope); BSL_SecParam_t bcb_param_key = { 0 }; - BSL_SecParam_InitInt64(&bcb_param_key, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A3_KEY); + BSL_SecParam_InitStr(&bcb_param_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A3_KEY); BSL_SecParam_t bcb_scope = { 0 }; BSL_SecParam_InitInt64(&bcb_scope, RFC9173_BCB_SECPARAM_AADSCOPE, 0); @@ -406,7 +407,7 @@ void test_RFC9173_AppendixA_Example4_Acceptor(void) // FIRST we must decrypt the BCB targets. BSL_SecParam_t bcb_param_key = { 0 }; - BSL_SecParam_InitInt64(&bcb_param_key, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A4_BCB_KEY); + BSL_SecParam_InitStr(&bcb_param_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A4_BCB_KEY); BSL_SecParam_t bcb_scope = { 0 }; BSL_SecParam_InitInt64(&bcb_scope, RFC9173_BCB_SECPARAM_AADSCOPE, 0x07); BSL_SecParam_t aes_variant = { 0 }; 
@@ -426,7 +427,7 @@ void test_RFC9173_AppendixA_Example4_Acceptor(void) BSL_SecOper_AppendParam(&bcb_op_tgt_bib, &bcb_scope); BSL_SecParam_t param_key = { 0 }; - BSL_SecParam_InitInt64(¶m_key, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A1_KEY); + BSL_SecParam_InitStr(¶m_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A1_KEY); BSL_SecParam_t sha_variant = { 0 }; BSL_SecParam_InitInt64(&sha_variant, RFC9173_BIB_PARAMID_SHA_VARIANT, RFC9173_BIB_SHA_HMAC384); BSL_SecParam_t scope_flag = { 0 }; @@ -479,7 +480,7 @@ void test_RFC9173_AppendixA_Example4_Source(void) TEST_ASSERT_EQUAL(1, primary_block.block_count); BSL_SecParam_t param_key = { 0 }; - BSL_SecParam_InitInt64(¶m_key, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A1_KEY); + BSL_SecParam_InitStr(¶m_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A1_KEY); BSL_SecParam_t sha_variant = { 0 }; BSL_SecParam_InitInt64(&sha_variant, RFC9173_BIB_PARAMID_SHA_VARIANT, RFC9173_BIB_SHA_HMAC384); BSL_SecParam_t scope_flag = { 0 }; @@ -492,7 +493,7 @@ void test_RFC9173_AppendixA_Example4_Source(void) BSL_SecOper_AppendParam(&bib_oper_payload, &scope_flag); BSL_SecParam_t bcb_param_key = { 0 }; - BSL_SecParam_InitInt64(&bcb_param_key, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A4_BCB_KEY); + BSL_SecParam_InitStr(&bcb_param_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A4_BCB_KEY); BSL_SecParam_t bcb_scope = { 0 }; BSL_SecParam_InitInt64(&bcb_scope, RFC9173_BCB_SECPARAM_AADSCOPE, 0x07); BSL_SecParam_t aes_variant = { 0 }; diff --git a/test/test_CryptoInterface.c b/test/test_CryptoInterface.c index 85918b49..a49da200 100644 --- a/test/test_CryptoInterface.c +++ b/test/test_CryptoInterface.c 
@@ -201,16 +201,16 @@ void suiteSetUp(void) uint8_t test1[20] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; uint8_t test2[4] = { 0x4a, 0x65, 0x66, 0x65 }; - BSL_Crypto_AddRegistryKey(1, test1, 20); - BSL_Crypto_AddRegistryKey(2, test2, 4); + BSL_Crypto_AddRegistryKey("1", test1, 20); + BSL_Crypto_AddRegistryKey("2", test2, 4); uint8_t test_128[16] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; uint8_t test_256[32] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; - BSL_Crypto_AddRegistryKey(8, test_256, 32); - BSL_Crypto_AddRegistryKey(9, test_128, 16); + BSL_Crypto_AddRegistryKey("8", test_256, 32); + BSL_Crypto_AddRegistryKey("9", test_128, 16); } int suiteTearDown(int failures) 
@@ -232,23 +232,23 @@ void tearDown(void) // test vectors from RFC 4231 // Test vector 1 -TEST_MATRIX([ 0, 1 ], [1], [BSL_CRYPTO_SHA_256], ["4869205468657265"], +TEST_MATRIX([ 0, 1 ], ["1"], [BSL_CRYPTO_SHA_256], ["4869205468657265"], ["b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"]) -TEST_MATRIX([ 0, 1 ], [1], [BSL_CRYPTO_SHA_384], ["4869205468657265"], +TEST_MATRIX([ 0, 1 ], ["1"], [BSL_CRYPTO_SHA_384], ["4869205468657265"], ["afd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea9076ede7f4af152e8b2fa9cb6"]) -TEST_MATRIX([ 0, 1 ], [1], [BSL_CRYPTO_SHA_512], ["4869205468657265"], +TEST_MATRIX([ 0, 1 ], ["1"], [BSL_CRYPTO_SHA_512], ["4869205468657265"], ["87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914ee" "b61f1702e696c203a126854"]) // Test vector 2 -TEST_MATRIX([ 0, 1 ], [2], [BSL_CRYPTO_SHA_256], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], +TEST_MATRIX([ 0, 1 ], ["2"], [BSL_CRYPTO_SHA_256], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], ["5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"]) -TEST_MATRIX([ 0, 1 ], [2], [BSL_CRYPTO_SHA_384], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], +TEST_MATRIX([ 0, 1 ], ["2"], [BSL_CRYPTO_SHA_384], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], ["af45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5e69e2c78b3239ecfab21649"]) -TEST_MATRIX([ 0, 1 ], [2], [BSL_CRYPTO_SHA_512], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], +TEST_MATRIX([ 0, 1 ], ["2"], [BSL_CRYPTO_SHA_512], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], ["164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34" "d4a6b4b636e070a38bce737"]) -void test_hmac_in(int input_case, uint64_t keyid, BSL_CryptoCipherSHAVariant_e sha_var, const char *plaintext_in, +void test_hmac_in(int input_case, const 
char* keyid, BSL_CryptoCipherSHAVariant_e sha_var, const char *plaintext_in, char *expected) { string_t exp_txt; @@ -318,8 +318,8 @@ void test_hmac_in(int input_case, uint64_t keyid, BSL_CryptoCipherSHAVariant_e s /** * Test library encrypt using OpenSSL example decrypt */ -TEST_MATRIX([ "plaintext", "0123456789", "" ], [ 8, 9 ]) -void test_encrypt(const char *plaintext_in, uint64_t keyid) +TEST_MATRIX([ "plaintext", "0123456789", "" ], [ "8", "9" ]) +void test_encrypt(const char *plaintext_in, const char *keyid) { int res; @@ -340,7 +340,7 @@ void test_encrypt(const char *plaintext_in, uint64_t keyid) res = BSL_SeqWriter_InitFlat(&writer, &ciphertext, &ct_size); TEST_ASSERT_EQUAL(0, res); - int aes_var = (keyid == 8) ? BSL_CRYPTO_AES_256 : BSL_CRYPTO_AES_128; + int aes_var = (0 == strcmp(keyid, "8")) ? BSL_CRYPTO_AES_256 : BSL_CRYPTO_AES_128; BSL_Cipher_t ctx; const uint8_t *ekey; @@ -377,7 +377,7 @@ void test_encrypt(const char *plaintext_in, uint64_t keyid) TEST_ASSERT_EQUAL_INT(0, BSLB_Crypto_GetRegistryKey(keyid, &key, NULL)); TEST_ASSERT_NOT_NULL(key); - const EVP_CIPHER *cipher = (keyid == 8) ? EVP_aes_256_gcm() : EVP_aes_128_gcm(); + const EVP_CIPHER *cipher = (0 == strcmp(keyid, "8")) ? EVP_aes_256_gcm() : EVP_aes_128_gcm(); res = gcm_decrypt(cipher, ciphertext, ct_size, aad, 2, (unsigned char *)tag, (unsigned char *)key, iv, iv_len, plaintext, &plaintext_len); TEST_ASSERT_EQUAL(0, res); @@ -394,8 +394,8 @@ void test_encrypt(const char *plaintext_in, uint64_t keyid) /** * Test library decrypt using OpenSSL example encrypt */ -TEST_MATRIX([ "plaintext", "0123456789", "" ], [ 8, 9 ]) -void test_decrypt(const char *plaintext_in, uint64_t keyid) +TEST_MATRIX([ "plaintext", "0123456789", "" ], [ "8", "9" ]) +void test_decrypt(const char *plaintext_in, const char *keyid) { int res; 
@@ -414,7 +414,7 @@ void test_decrypt(const char *plaintext_in, uint64_t keyid) TEST_ASSERT_EQUAL_INT(0, BSLB_Crypto_GetRegistryKey(keyid, &key, NULL)); TEST_ASSERT_NOT_NULL(key); - const EVP_CIPHER *cipher = (keyid == 8) ? EVP_aes_256_gcm() : EVP_aes_128_gcm(); + const EVP_CIPHER *cipher = (0 == strcmp(keyid, "8")) ? EVP_aes_256_gcm() : EVP_aes_128_gcm(); res = gcm_encrypt(cipher, (unsigned char *)plaintext_in, strlen(plaintext_in), aad, 2, (unsigned char *)key, iv, iv_len, ciphertext, &ciphertext_len, tag); TEST_ASSERT_EQUAL(0, res); @@ -431,7 +431,7 @@ void test_decrypt(const char *plaintext_in, uint64_t keyid) res = BSL_SeqWriter_InitFlat(&writer, &plaintext, &pt_size); TEST_ASSERT_EQUAL(0, res); - int aes_var = (keyid == 8) ? BSL_CRYPTO_AES_256 : BSL_CRYPTO_AES_128; + int aes_var = (0 == strcmp(keyid, "8")) ? BSL_CRYPTO_AES_256 : BSL_CRYPTO_AES_128; const uint8_t *ckey; size_t ckeylen; diff --git a/test/test_PublicInterfaceImpl.c b/test/test_PublicInterfaceImpl.c index 77e3499e..438bb405 100644 --- a/test/test_PublicInterfaceImpl.c +++ b/test/test_PublicInterfaceImpl.c @@ -67,9 +67,9 @@ void setUp(void) BSL_SecParam_t param_sha_variant = { 0 }; BSL_SecParam_InitInt64(¶m_sha_variant, RFC9173_BIB_PARAMID_SHA_VARIANT, RFC9173_BIB_SHA_HMAC512); BSL_SecParam_t param_test_key_correct = { 0 }; - BSL_SecParam_InitInt64(¶m_test_key_correct, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A1_KEY); + BSL_SecParam_InitStr(¶m_test_key_correct, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A1_KEY); BSL_SecParam_t param_test_key_bad = { 0 }; - BSL_SecParam_InitInt64(¶m_test_key_bad, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A2_KEY); + BSL_SecParam_InitStr(¶m_test_key_bad, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A2_KEY); // Create a rule to Accept BIB blocks on all bundle from everywhere/to everywhere at APPIN (app ingress) BSLP_PolicyPredicate_t *predicate_all_appin = &policy->predicates[policy->predicate_count++]; 
From c2266cf6167389613bb4f171410959e9861c9ca4 Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Tue, 22 Jul 2025 10:06:16 -0400 Subject: [PATCH 2/7] update conventions --- docs/api/Developer_Guide.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/api/Developer_Guide.md b/docs/api/Developer_Guide.md index ddff76b3..451c6c1c 100644 --- a/docs/api/Developer_Guide.md +++ b/docs/api/Developer_Guide.md @@ -104,6 +104,8 @@ More notes forthcoming. * The C standard library does not provide containers. Arrays is all we have, so that's what we have to work with. * Third party libraries providing containers may be more hassle and risk than they are worth. +#### » M\*Lib structures should not be referenced in the Frontend API + * Keep M\*Lib usage to the BSL backend, and use standard/primative structs for frontend API. The frontend should not include any M\*Lib headers. # Documentation From 20993ee74074b340f507f0364f6c18654481a4c0 Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Tue, 22 Jul 2025 11:41:04 -0400 Subject: [PATCH 3/7] apply formatting --- src/BPSecLib_Private.h | 24 +++++++++---------- src/backend/AbsSecBlock.c | 7 +++--- src/backend/CryptoInterface.c | 9 +++---- src/backend/LoggingStderr.c | 8 +++---- src/backend/SecParam.c | 2 +- src/backend/SecurityActionSet.h | 14 +++++------ src/backend/SecurityResultSet.h | 2 +- src/backend/UtilDefs_Data.c | 2 +- src/security_context/BCB_AES_GCM.c | 8 +++---- src/security_context/BIB_HMAC_SHA2.c | 11 ++++----- src/security_context/DefaultSecContext.h | 2 +- .../DefaultSecContext_Private.h | 6 ++--- test/bsl_test_utils.c | 2 +- test/bsl_test_utils.h | 4 ++-- test/test_CryptoInterface.c | 2 +- 15 files changed, 52 insertions(+), 51 deletions(-) diff --git a/src/BPSecLib_Private.h b/src/BPSecLib_Private.h index 666ac0f0..be27f04a 100644 --- a/src/BPSecLib_Private.h +++ b/src/BPSecLib_Private.h 
@@ -515,7 +515,7 @@ typedef enum } BSL_BundleCtrlFlag_e; /** @brief Calls the host interface to get a bundle primary block information.abort - * + * * @param[in] bundle Bundle context * @param[out] result_primary_block Non-null pointer to result which gets populated on a zero return code. * @returns 0 on success, negative on error @@ -523,17 +523,17 @@ typedef enum int BSL_BundleCtx_GetBundleMetadata(const BSL_BundleRef_t *bundle, BSL_PrimaryBlock_t *result_primary_block); /** @brief Returns an array in which each element contains the id of the corresponding block.abort - * + * * @param[in] bundle Bundle context * @param[in] array_count Number of elements in `block_id_index_array` * @param[out] block_id_index_array Array of `array_count` elements for results * @param[out] result_count Contains the number of elements put into the array */ -int BSL_BundleCtx_GetBlockIds(const BSL_BundleRef_t *bundle, size_t array_count, - uint64_t block_ids_array[array_count], size_t *result_count); +int BSL_BundleCtx_GetBlockIds(const BSL_BundleRef_t *bundle, size_t array_count, uint64_t block_ids_array[array_count], + size_t *result_count); /** @brief Returns information about the bundle Canonical block - * + * * @param[in] bundle Context bundle * @param[in] block_num The number of the bundle canonical block we seek information on * @param[out] result_block Pointer to allocated memory which contains the results of the query. @@ -551,7 +551,7 @@ int BSL_BundleCtx_GetBlockMetadata(const BSL_BundleRef_t *bundle, uint64_t block int BSL_BundleCtx_CreateBlock(BSL_BundleRef_t *bundle, uint64_t block_type_code, uint64_t *block_num); /** @brief Requests the removal of a block from a bundle - * + * * @param[in] bundle Context bundle * @param[in] block_num Block number to be removed * @returns 0 on success, negative on failure. 
@@ -559,9 +559,9 @@ int BSL_BundleCtx_CreateBlock(BSL_BundleRef_t *bundle, uint64_t block_type_code, int BSL_BundleCtx_RemoveBlock(BSL_BundleRef_t *bundle, uint64_t block_num); /** @brief Requests the re-allocation of a block's BTSD, useful for BCB. - * + * * @note Uses semantics similar to memcpy. - * + * * @param[in] bundle Context bundle * @param[in] block_num Number of block requesting re-allocated of BTSD * @param[in] bytesize Size of new BTSD @@ -707,7 +707,7 @@ int BSL_SecParam_InitInt64(BSL_SecParam_t *self, uint64_t param_id, uint64_t val * @param value text string of the parameter * @returns Negative on an error. */ -int BSL_SecParam_InitStr(BSL_SecParam_t *self, uint64_t param_id, const char* value); +int BSL_SecParam_InitStr(BSL_SecParam_t *self, uint64_t param_id, const char *value); /** Returns true when the value type is an integer. * @@ -1014,13 +1014,13 @@ size_t BSL_SecurityActionSet_Sizeof(void); void BSL_SecurityActionSet_Init(BSL_SecurityActionSet_t *self); /** @brief Increment a security failure for this action set - * + * * @param[in, out] self Pointer to this security action set. */ void BSL_SecurityActionSet_IncrError(BSL_SecurityActionSet_t *self); /** @brief Returns count of failures after processing this action set - * + * * @param[in] self Pointer ot this security action set. * @returns Count of errors. */ @@ -1033,7 +1033,7 @@ size_t BSL_SecurityActionSet_CountErrors(const BSL_SecurityActionSet_t *self); void BSL_SecurityActionSet_Deinit(BSL_SecurityActionSet_t *self); /** @brief Append a security operation to the security action set - * + * * @param[in, out] self This security action set. * @param[in] sec_oper Security operation to include. * @returns 0 on success, negative on error diff --git a/src/backend/AbsSecBlock.c b/src/backend/AbsSecBlock.c index 888de6ea..1d06347e 100644 --- a/src/backend/AbsSecBlock.c +++ b/src/backend/AbsSecBlock.c 
@@ -70,8 +70,9 @@ void BSL_AbsSecBlock_Print(const BSL_AbsSecBlock_t *self) for (size_t index = 0; index < BSLB_SecResultList_size(self->results); index++) { BSL_SecResult_t *sec_result = BSLB_SecResultList_get(self->results, index); - BSL_Log_DumpAsHexString((uint8_t*)str, sizeof(str), sec_result->_bytes, sec_result->_bytelen); - BSL_LOG_INFO("ASB Result[%lu]: tgt=%lu, id=%lu %s", index, sec_result->target_block_num, sec_result->result_id, str); + BSL_Log_DumpAsHexString((uint8_t *)str, sizeof(str), sec_result->_bytes, sec_result->_bytelen); + BSL_LOG_INFO("ASB Result[%lu]: tgt=%lu, id=%lu %s", index, sec_result->target_block_num, sec_result->result_id, + str); } } @@ -409,7 +410,7 @@ int BSL_AbsSecBlock_DecodeFromCBOR(BSL_AbsSecBlock_t *self, BSL_Data_t encoded_c // This is a failure case - should more clearly return? BSL_LOG_ERR("Unhandled case"); // NOLINTNEXTLINE - exit(1); + exit(1); } const size_t item_end = QCBORDecode_Tell(&asbdec); diff --git a/src/backend/CryptoInterface.c b/src/backend/CryptoInterface.c index db9c28d5..89f92f4e 100644 --- a/src/backend/CryptoInterface.c +++ b/src/backend/CryptoInterface.c @@ -105,7 +105,7 @@ int BSL_Crypto_UnwrapKey(BSL_Data_t *unwrapped_key_output, BSL_Data_t wrapped_ke unwrapped_key_output->len = (size_t)unwrapped_key_len; int final_len = 0; - int res = EVP_DecryptFinal_ex(ctx, &unwrapped_key_output->ptr[unwrapped_key_output->len], &final_len); + int res = EVP_DecryptFinal_ex(ctx, &unwrapped_key_output->ptr[unwrapped_key_output->len], &final_len); if (res != 1) { BSL_LOG_ERR("Failed DecryptFinal: %s", ERR_error_string(ERR_get_error(), NULL)); @@ -156,7 +156,7 @@ int BSL_Crypto_WrapKey(BSL_Data_t *wrapped_key, BSL_Data_t cek, const char *cont } wrapped_key->len = (size_t)len; - int final_len = 0; + int final_len = 0; if (!EVP_EncryptFinal_ex(ctx, &wrapped_key->ptr[wrapped_key->len], &final_len)) { EVP_CIPHER_CTX_free(ctx); 
@@ -241,7 +241,7 @@ int BSL_AuthCtx_DigestSeq(BSL_AuthCtx_t *hmac_ctx, BSL_SeqReader_t *reader) int BSL_AuthCtx_Finalize(BSL_AuthCtx_t *hmac_ctx, void **hmac, size_t *hmac_len) { size_t req = 0; - int res = EVP_DigestSignFinal(hmac_ctx->libhandle, NULL, &req); + int res = EVP_DigestSignFinal(hmac_ctx->libhandle, NULL, &req); CHK_PROPERTY(res == 1); *hmac_len = req; @@ -283,7 +283,8 @@ int BSL_Cipher_Init(BSL_Cipher_t *cipher_ctx, BSL_CipherMode_e enc, BSL_CryptoCi return BSL_ERR_FAILURE; } - int res = EVP_CipherInit_ex(cipher_ctx->libhandle, cipher, NULL, NULL, NULL, (cipher_ctx->enc == BSL_CRYPTO_ENCRYPT)); + int res = + EVP_CipherInit_ex(cipher_ctx->libhandle, cipher, NULL, NULL, NULL, (cipher_ctx->enc == BSL_CRYPTO_ENCRYPT)); CHK_PROPERTY(res == 1); cipher_ctx->block_size = (size_t)EVP_CIPHER_CTX_block_size(cipher_ctx->libhandle); diff --git a/src/backend/LoggingStderr.c b/src/backend/LoggingStderr.c index e54af049..941f2c45 100644 --- a/src/backend/LoggingStderr.c +++ b/src/backend/LoggingStderr.c @@ -91,11 +91,11 @@ M_BUFFER_DEF(BSL_LogEvent_queue, BSL_LogEvent_event_t, BSL_LOG_QUEUE_SIZE, M_BUF /// @endcond /// Shared safe queue -static BSL_LogEvent_queue_t event_queue; +static BSL_LogEvent_queue_t event_queue; /// Sink thread ID -static pthread_t thr_sink; +static pthread_t thr_sink; /// True if ::thr_sink is valid -static atomic_bool thr_valid = ATOMIC_VAR_INIT(false); +static atomic_bool thr_valid = ATOMIC_VAR_INIT(false); /// NOLINTEND uint8_t *BSL_Log_DumpAsHexString(uint8_t *dstbuf, size_t dstlen, const uint8_t *srcbuf, size_t srclen) 
@@ -107,7 +107,7 @@ uint8_t *BSL_Log_DumpAsHexString(uint8_t *dstbuf, size_t dstlen, const uint8_t * memset(dstbuf, 0, dstlen); const char hex_digits[] = "0123456789ABCDEF"; - for (size_t i = 0; i < srclen && (((i * 2) + 1) < dstlen-1); i++) + for (size_t i = 0; i < srclen && (((i * 2) + 1) < dstlen - 1); i++) { dstbuf[(i * 2)] = (uint8_t)hex_digits[(srcbuf[i] >> 4) & 0x0F]; dstbuf[(i * 2) + 1] = (uint8_t)hex_digits[srcbuf[i] & 0x0F]; diff --git a/src/backend/SecParam.c b/src/backend/SecParam.c index 263ad9f7..5b491791 100644 --- a/src/backend/SecParam.c +++ b/src/backend/SecParam.c @@ -31,7 +31,7 @@ size_t BSL_SecParam_Sizeof(void) return sizeof(BSL_SecParam_t); } -int BSL_SecParam_InitStr(BSL_SecParam_t *self, uint64_t param_id, const char* value) +int BSL_SecParam_InitStr(BSL_SecParam_t *self, uint64_t param_id, const char *value) { CHK_ARG_NONNULL(self); CHK_ARG_EXPR(value != NULL); diff --git a/src/backend/SecurityActionSet.h b/src/backend/SecurityActionSet.h index c022107c..e3dd7c10 100644 --- a/src/backend/SecurityActionSet.h +++ b/src/backend/SecurityActionSet.h 
@@ -36,13 +36,13 @@ /// @note This is intended to be a write-once, read-only struct struct BSL_SecurityActionSet_s { - BSL_SecOper_t sec_operations[BSL_SECURITYACTIONSET_MAX_OPS]; ///< Fixed array of security operations (for simpler mem management) - size_t sec_operations_count; ///< Count of sec_operations - uint64_t new_block_ids[BSL_SECURITYACTIONSET_MAX_OPS]; ///< Array for IDs of blocks to be created - uint64_t new_block_types[BSL_SECURITYACTIONSET_MAX_OPS]; ///< Array for block type codes of blocks to be created. - size_t arrays_capacity; ///< Capacity of sec_operations - int err_code; ///< General error code + BSL_SecOper_t sec_operations[BSL_SECURITYACTIONSET_MAX_OPS]; ///< Fixed array of security operations (for simpler + ///< mem management) + size_t sec_operations_count; ///< Count of sec_operations + uint64_t new_block_ids[BSL_SECURITYACTIONSET_MAX_OPS]; ///< Array for IDs of blocks to be created + uint64_t new_block_types[BSL_SECURITYACTIONSET_MAX_OPS]; ///< Array for block type codes of blocks to be created. + size_t arrays_capacity; ///< Capacity of sec_operations + int err_code; ///< General error code }; - #endif /* BSLB_SECACTIONSET_H_ */ diff --git a/src/backend/SecurityResultSet.h b/src/backend/SecurityResultSet.h index 74780637..7ec9f17f 100644 --- a/src/backend/SecurityResultSet.h +++ b/src/backend/SecurityResultSet.h @@ -29,7 +29,7 @@ #include #define BSL_SECURITYRESPONSESET_ARRAYLEN (10) -#define BSL_SECURITYRESPONSESET_STRLEN (256) +#define BSL_SECURITYRESPONSESET_STRLEN (256) /// @brief Contains the results and outcomes after performing the security operations. /// @note This struct is still in-concept diff --git a/src/backend/UtilDefs_Data.c b/src/backend/UtilDefs_Data.c index 54416b74..dbce2720 100644 --- a/src/backend/UtilDefs_Data.c +++ b/src/backend/UtilDefs_Data.c @@ -136,7 +136,7 @@ int BSL_Data_Resize(BSL_Data_t *data, size_t len) { return BSL_SUCCESS; } - + if (len == 0) { bsl_data_int_free(data); 
diff --git a/src/security_context/BCB_AES_GCM.c b/src/security_context/BCB_AES_GCM.c index 38fd41b4..f7eb98b8 100644 --- a/src/security_context/BCB_AES_GCM.c +++ b/src/security_context/BCB_AES_GCM.c @@ -154,9 +154,9 @@ static int BSLX_BCB_Decrypt(BSLX_BCB_t *bcb_context) // This should have resized the buffer downward CHK_PROPERTY(content_enc_key.len < 2048); - BSL_Cipher_t cipher = { 0 }; - int cipher_init = BSL_Cipher_Init(&cipher, BSL_CRYPTO_DECRYPT, aes_mode, bcb_context->iv.ptr, (int)bcb_context->iv.len, - content_enc_key); + BSL_Cipher_t cipher = { 0 }; + int cipher_init = BSL_Cipher_Init(&cipher, BSL_CRYPTO_DECRYPT, aes_mode, bcb_context->iv.ptr, + (int)bcb_context->iv.len, content_enc_key); if (BSL_SUCCESS != cipher_init) { BSL_LOG_ERR("Failed to init BCB AES cipher"); @@ -474,7 +474,7 @@ int BSLX_BCB_GetParams(const BSL_BundleRef_t *bundle, BSLX_BCB_t *bcb_context, c assert(!is_int); BSL_Data_t res; assert(BSL_SUCCESS == BSL_SecParam_GetAsBytestr(param, &res)); - bcb_context->key_id = (char *) res.ptr; + bcb_context->key_id = (char *)res.ptr; BSL_LOG_DEBUG("Param[%lu]: KEY_ID value = %s", param_id, bcb_context->key_id); break; } diff --git a/src/security_context/BIB_HMAC_SHA2.c b/src/security_context/BIB_HMAC_SHA2.c index d9d2878a..135ae066 100644 --- a/src/security_context/BIB_HMAC_SHA2.c +++ b/src/security_context/BIB_HMAC_SHA2.c @@ -117,8 +117,8 @@ int BSLX_BIB_InitFromSecOper(BSLX_BIB_t *self, const BSL_SecOper_t *sec_oper) { const BSL_SecParam_t *param = BSL_SecOper_GetParamAt(sec_oper, param_index); uint64_t param_id = BSL_SecParam_GetId(param); - bool is_int = BSL_SecParam_IsInt64(param); - uint64_t int_val = -1; + bool is_int = BSL_SecParam_IsInt64(param); + uint64_t int_val = -1; if (is_int) { int_val = BSL_SecParam_GetAsUInt64(param); 
@@ -129,7 +129,7 @@ int BSLX_BIB_InitFromSecOper(BSLX_BIB_t *self, const BSL_SecOper_t *sec_oper) assert(!is_int); BSL_Data_t res; BSL_SecParam_GetAsBytestr(param, &res); - self->key_id = (char *) res.ptr; + self->key_id = (char *)res.ptr; } else if (param_id == BSL_SECPARAM_TYPE_INT_FIXED_KEY) { @@ -205,8 +205,7 @@ int BSLX_BIB_GenIPPT(BSLX_BIB_t *self, BSL_Data_t ippt_space) // Now begin process of computing IPPT if (self->integrity_scope_flags & RFC9173_BIB_INTEGSCOPEFLAG_INC_PRIM) { - UsefulBufC prim_encoded = { .ptr = self->primary_block.cbor, - .len = self->primary_block.cbor_len }; + UsefulBufC prim_encoded = { .ptr = self->primary_block.cbor, .len = self->primary_block.cbor_len }; QCBOREncode_AddEncoded(&encoder, prim_encoded); } if (self->integrity_scope_flags & RFC9173_BIB_INTEGSCOPEFLAG_INC_TARGET_HDR) @@ -269,7 +268,7 @@ int BSLX_BIB_GenHMAC(BSLX_BIB_t *self, BSL_Data_t ippt_data) } void *hmac_result_ptr = (void *)&self->hmac_result_val._bytes[0]; - size_t hmaclen = 0; + size_t hmaclen = 0; if ((res = BSL_AuthCtx_Finalize(&hmac_ctx, &hmac_result_ptr, &hmaclen)) != 0) { BSL_LOG_ERR("bsl_hmac_ctx_finalize failed with code %d", res); diff --git a/src/security_context/DefaultSecContext.h b/src/security_context/DefaultSecContext.h index 58c030d8..a65b8c02 100644 --- a/src/security_context/DefaultSecContext.h +++ b/src/security_context/DefaultSecContext.h @@ -31,7 +31,7 @@ #include #include -#define BSLX_MAX_KEYLEN (2048) +#define BSLX_MAX_KEYLEN (2048) #define BSLX_MAX_AES_PAD (64) int BSLX_BCB_Execute(BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper, diff --git a/src/security_context/DefaultSecContext_Private.h b/src/security_context/DefaultSecContext_Private.h index cdb05c57..a482ea99 100644 --- a/src/security_context/DefaultSecContext_Private.h +++ b/src/security_context/DefaultSecContext_Private.h 
@@ -62,7 +62,7 @@ BSL_Data_t BSLX_Bytestr_AsData(BSLX_Bytestr_t *self); typedef struct BSLX_BIB_s { - const char* key_id; + const char *key_id; BSL_PrimaryBlock_t primary_block; BSL_CanonicalBlock_t target_block; BSL_CanonicalBlock_t sec_block; @@ -84,8 +84,8 @@ int BSLX_BIB_GenHMAC(BSLX_BIB_t *self, BSL_Data_t ippt_data); */ typedef struct BSLX_BCB_s { - size_t err_count; - const char* key_id; + size_t err_count; + const char *key_id; // Data wrappers and containers for borrowed and owned/allocated buffers // These will ALL be deinitialized at the end, so _Deinit MUST be called. diff --git a/test/bsl_test_utils.c b/test/bsl_test_utils.c index 58d917cd..e77564cf 100644 --- a/test/bsl_test_utils.c +++ b/test/bsl_test_utils.c @@ -220,7 +220,7 @@ BSL_HostEIDPattern_t BSL_TestUtils_GetEidPatternFromText(const char *text) return pat; } -RFC9173_A1_Params BSL_TestUtils_GetRFC9173_A1Params(const char* key_id) +RFC9173_A1_Params BSL_TestUtils_GetRFC9173_A1Params(const char *key_id) { RFC9173_A1_Params params = { 0 }; BSL_SecParam_InitInt64(¶ms.sha_variant, RFC9173_TestVectors_AppendixA1.bib_asb_sha_variant_key, diff --git a/test/bsl_test_utils.h b/test/bsl_test_utils.h index 4e4aa5cf..6959219f 100644 --- a/test/bsl_test_utils.h +++ b/test/bsl_test_utils.h @@ -276,7 +276,7 @@ typedef struct BSL_SecParam_t test_key_id; } RFC9173_A1_Params; -RFC9173_A1_Params BSL_TestUtils_GetRFC9173_A1Params(const char* key_id); +RFC9173_A1_Params BSL_TestUtils_GetRFC9173_A1Params(const char *key_id); typedef struct { @@ -291,7 +291,7 @@ typedef struct uint64_t scope_flag; } RFC9173_AppendixA2_BCB; -RFC9173_A1_Params BSL_TestUtils_GetRFC9173_A2Params(const char* key_id); +RFC9173_A1_Params BSL_TestUtils_GetRFC9173_A2Params(const char *key_id); typedef struct BSL_TestContext_s { diff --git a/test/test_CryptoInterface.c b/test/test_CryptoInterface.c index a49da200..44788fc9 100644 --- a/test/test_CryptoInterface.c +++ b/test/test_CryptoInterface.c 
@@ -248,7 +248,7 @@ TEST_MATRIX([ 0, 1 ], ["2"], [BSL_CRYPTO_SHA_384], ["7768617420646f2079612077616 TEST_MATRIX([ 0, 1 ], ["2"], [BSL_CRYPTO_SHA_512], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], ["164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34" "d4a6b4b636e070a38bce737"]) -void test_hmac_in(int input_case, const char* keyid, BSL_CryptoCipherSHAVariant_e sha_var, const char *plaintext_in, +void test_hmac_in(int input_case, const char *keyid, BSL_CryptoCipherSHAVariant_e sha_var, const char *plaintext_in, char *expected) { string_t exp_txt; From 41ca701c21fc130bf7feb40aa9970acf7bbc1dbd Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Tue, 22 Jul 2025 17:13:59 -0400 Subject: [PATCH 4/7] explicit in-out params --- deps/QCBOR | 2 +- deps/mlib | 2 +- deps/unity | 2 +- src/BPSecLib_Private.h | 240 ++++++++++++++++++++------------------ src/backend/AbsSecBlock.c | 2 +- 5 files changed, 129 insertions(+), 119 deletions(-) diff --git a/deps/QCBOR b/deps/QCBOR index 24cd62a4..4ace4620 160000 --- a/deps/QCBOR +++ b/deps/QCBOR @@ -1 +1 @@ -Subproject commit 24cd62a415161c2851327e96a023b47bb0897e64 +Subproject commit 4ace4620d549f22c1163c5b00d3ae0c0dae1d207 diff --git a/deps/mlib b/deps/mlib index 847f52fa..f4e3d9cd 160000 --- a/deps/mlib +++ b/deps/mlib @@ -1 +1 @@ -Subproject commit 847f52fa5ef24c0744e3e1169a76dd09a413d42c +Subproject commit f4e3d9cd4c13f7b639b67cd18ad3a2ffe078ac09 diff --git a/deps/unity b/deps/unity index 25ca536c..bddb1366 160000 --- a/deps/unity +++ b/deps/unity @@ -1 +1 @@ -Subproject commit 25ca536caf5c085c453917fe139b3303b8a36e9d +Subproject commit bddb1366a2e3bf18f0f626fd532a1388032c0e9f diff --git a/src/BPSecLib_Private.h b/src/BPSecLib_Private.h index 53719f55..506eeb32 100644 --- a/src/BPSecLib_Private.h +++ b/src/BPSecLib_Private.h 
@@ -293,8 +293,8 @@ int BSL_Data_Init(BSL_Data_t *data); * * @todo Clarify to indicate this calls MALLOC. * - * @param[in, out] data The data to initialize. - * @param bytelen Length of buffer to allocate. + * @param[in,out] data The data to initialize. + * @param[in] bytelen Length of buffer to allocate. * @return Zero upon success. */ int BSL_Data_InitBuffer(BSL_Data_t *data, size_t bytelen); @@ -302,8 +302,8 @@ int BSL_Data_InitBuffer(BSL_Data_t *data, size_t bytelen); /** Initialize a data struct as an overlay on optional external data. * * @param[in,out] data The data to initialize, which must not be NULL. - * @param len The total length to allocate, which may be zero. - * @param src An optional source buffer to point to. + * @param[in] len The total length to allocate, which may be zero. + * @param[in] src An optional source buffer to point to. * @return Zero upon success. */ int BSL_Data_InitView(BSL_Data_t *data, size_t len, BSL_DataPtr_t src); @@ -322,7 +322,7 @@ int BSL_Data_Deinit(BSL_Data_t *data); /** Resize the data, copying if necessary. * * @param[in,out] data The data to resize, which must not be NULL. - * @param len The new total size. + * @param[in] len The new total size. * @return Zero upon success. */ int BSL_Data_Resize(BSL_Data_t *data, size_t len); @@ -330,8 +330,8 @@ int BSL_Data_Resize(BSL_Data_t *data, size_t len); /** Set an initialized data struct to a given size. * * @param[in,out] data The data to copy into, which must not be NULL. - * @param len The total length to allocate, which may be non-zero. - * @param src An optional source buffer to copy from, from which @c len + * @param[in] len The total length to allocate, which may be non-zero. + * @param[in] src An optional source buffer to copy from, from which @c len * bytes will be copied. * @return Zero upon success. */ 
@@ -340,8 +340,8 @@ int BSL_Data_CopyFrom(BSL_Data_t *data, size_t len, BSL_DataConstPtr_t src); /** Append an initialized data struct with a given size. * * @param[in,out] data The data to copy into, which must not be NULL. - * @param len The total length to allocate, which may be non-zero. - * @param src An optional source buffer to copy from, from which @c len + * @param[in] len The total length to allocate, which may be non-zero. + * @param[in] src An optional source buffer to copy from, from which @c len * bytes will be copied. * @return Zero upon success. */ @@ -359,7 +359,7 @@ int BSL_SeqReader_Deinit(BSL_SeqReader_t *obj); /** Iterate a sequential reader. * - * @param obj The reader handle. + * @param[in,out] obj The reader handle. * @param[out] buf The output buffer to fill. * @param[in,out] bufsize The available output buffer size as input, * set to the used buffer size as output. @@ -460,6 +460,9 @@ void BSL_HostEIDPattern_Deinit(BSL_HostEIDPattern_t *pat); /** * Encode a EID into a CBOR sequence + * @param[in] eid + * @param[in] user_data + * @return Zero if successful. */ int BSL_HostEID_EncodeToCBOR(const BSL_HostEID_t *eid, void *user_data); @@ -527,7 +530,7 @@ typedef enum * * @param[in] bundle Bundle context * @param[out] result_primary_block Non-null pointer to result which gets populated on a zero return code. - * @returns 0 on success, negative on error + * @return 0 on success, negative on error */ int BSL_BundleCtx_GetBundleMetadata(const BSL_BundleRef_t *bundle, BSL_PrimaryBlock_t *result_primary_block); 
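Review bot: The two `@param` lines added for `BSL_HostEID_EncodeToCBOR` carry no description, and `[in]` on `user_data` looks wrong. The function is described as encoding the EID into a CBOR sequence and `user_data` is its only non-const argument, so it is presumably the encoder state being written to, which would make it `[in,out]`. Suggested wording, to be confirmed against the host implementation: `@param[in] eid EID to encode` and `@param[in,out] user_data Host-defined encoder context that receives the encoded EID`.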
@@ -537,6 +540,7 @@ int BSL_BundleCtx_GetBundleMetadata(const BSL_BundleRef_t *bundle, BSL_PrimaryBl * @param[in] array_count Number of elements in `block_id_index_array` * @param[out] block_id_index_array Array of `array_count` elements for results * @param[out] result_count Contains the number of elements put into the array + * @return 0 on success, negative on error */ int BSL_BundleCtx_GetBlockIds(const BSL_BundleRef_t *bundle, size_t array_count, uint64_t block_ids_array[array_count], size_t *result_count); @@ -546,6 +550,7 @@ int BSL_BundleCtx_GetBlockIds(const BSL_BundleRef_t *bundle, size_t array_count, * @param[in] bundle Context bundle * @param[in] block_num The number of the bundle canonical block we seek information on * @param[out] result_block Pointer to allocated memory which contains the results of the query. + * @return 0 on success, negative on error */ int BSL_BundleCtx_GetBlockMetadata(const BSL_BundleRef_t *bundle, uint64_t block_num, BSL_CanonicalBlock_t *result_block); @@ -555,7 +560,7 @@ int BSL_BundleCtx_GetBlockMetadata(const BSL_BundleRef_t *bundle, uint64_t block * @param[in] bundle Context bundle * @param[in] block_type_code The type of block to be created (e.g, 1 means payload) * @param[out] block_num Pointer to integer containing the number of the block just created.abort - * @returns 0 on success, negative on error + * @return 0 on success, negative on error */ int BSL_BundleCtx_CreateBlock(BSL_BundleRef_t *bundle, uint64_t block_type_code, uint64_t *block_num); @@ -563,7 +568,7 @@ int BSL_BundleCtx_CreateBlock(BSL_BundleRef_t *bundle, uint64_t block_type_code, * * @param[in] bundle Context bundle * @param[in] block_num Block number to be removed - * @returns 0 on success, negative on failure. + * @return 0 on success, negative on failure. */ int BSL_BundleCtx_RemoveBlock(BSL_BundleRef_t *bundle, uint64_t block_num); 
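Review bot: The `@param[out] block_id_index_array` tag does not match the prototype, which names the parameter `block_ids_array`, so Doxygen will not attach the description to it; the `array_count` line repeats the stale name. Since this is an output array with a caller-supplied capacity, the comment should also state the bound, e.g. `@param[out] block_ids_array Array of array_count elements; at most array_count IDs are written`. If it is the host contract, also say that `result_count` never exceeds `array_count`.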
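Review bot: `bundle` is still tagged `@param[in]` on `BSL_BundleCtx_CreateBlock`, although the prototype takes a non-const `BSL_BundleRef_t *` and the call adds a block to it. For a commit that makes directions explicit this should read `@param[in,out] bundle Context bundle`; the same applies to `BSL_BundleCtx_RemoveBlock` in the next hunk and `BSL_BundleCtx_ReallocBTSD` in the one after. The `block_num` description also ends with a stray `.abort`.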
@@ -574,7 +579,7 @@ int BSL_BundleCtx_RemoveBlock(BSL_BundleRef_t *bundle, uint64_t block_num); * @param[in] bundle Context bundle * @param[in] block_num Number of block requesting re-allocated of BTSD * @param[in] bytesize Size of new BTSD - * @returns 0 on success, negative on failure. + * @return 0 on success, negative on failure. */ int BSL_BundleCtx_ReallocBTSD(BSL_BundleRef_t *bundle, uint64_t block_num, size_t bytesize); @@ -610,11 +615,12 @@ typedef struct BSL_SecResult_s BSL_SecResult_t; /** Populate a pre-allocated SecResult. * - * @param self Non-NULL pointer to allocated result. - * @param result_id Result ID of corresponding result bytestring, meaning dependent on security context. - * @param context_id ID of security context. - * @param target_block_num Target of the given security result, included here for convenience. - * @param content Read-only view to data containing the bytes of the security result, which is copied out of here. + * @param[in,out] self Non-NULL pointer to allocated result. + * @param[in] result_id Result ID of corresponding result bytestring, meaning dependent on security context. + * @param[in] context_id ID of security context. + * @param[in] target_block_num Target of the given security result, included here for convenience. + * @param[in] content Read-only view to data containing the bytes of the security result, which is copied out of here. + * @return 0 on success, negative on error */ int BSL_SecResult_Init(BSL_SecResult_t *self, uint64_t result_id, uint64_t context_id, uint64_t target_block_num, BSL_Data_t content); @@ -676,8 +682,8 @@ typedef struct BSL_SecParam_s BSL_SecParam_t; uint64_t BSL_SecParam_GetId(const BSL_SecParam_t *self); /** @brief Return true if invariant conditions pass - * @param self This security parameter - * @returns true if valid, false otherwise. + * @param[in] self This security parameter + * @return true if valid, false otherwise. */ bool BSL_SecParam_IsConsistent(const BSL_SecParam_t *self); 
@@ -685,7 +691,7 @@ bool BSL_SecParam_IsConsistent(const BSL_SecParam_t *self); * * @todo Rename to avoid using negative logic and clarify. * @param param_id ID of the parameter - * @returns True when this is NOT an internal parameter ID. + * @return True when this is NOT an internal parameter ID. */ bool BSL_SecParam_IsParamIDOutput(uint64_t param_id); 
@@ -694,42 +700,42 @@ size_t BSL_SecParam_Sizeof(void); /** Initialize as a parameter containing a bytestring. * - * @param self[in,out] This Security Paramter - * @param param_id[in] ID of the parameter - * @param value[in] View of bytes, which get copied into this Security Parameter. - * @returns Negative on an error. + * @param[in,out] self This Security Paramter + * @param[in] param_id ID of the parameter + * @param[in] value View of bytes, which get copied into this Security Parameter. + * @return Negative on an error. */ int BSL_SecParam_InitBytestr(BSL_SecParam_t *self, uint64_t param_id, BSL_Data_t value); /** Initialize as a parameter containing an integer as a value. * - * @param self This Security Paramter - * @param param_id ID of the parameter - * @param value View of bytes, which get copied into this Security Parameter. - * @returns Negative on an error. + * @param[in,out] self This Security Paramter + * @param[in] param_id ID of the parameter + * @param[in] value View of bytes, which get copied into this Security Parameter. + * @return Negative on an error. */ int BSL_SecParam_InitInt64(BSL_SecParam_t *self, uint64_t param_id, uint64_t value); /** - * @param self This Security Paramter - * @param param_id ID of the parameter - * @param value text string of the parameter - * @returns Negative on an error. + * @param[in,out] self This Security Paramter + * @param[in] param_id ID of the parameter + * @param[in] value text string of the parameter, copied into self + * @return Negative on an error. */ int BSL_SecParam_InitStr(BSL_SecParam_t *self, uint64_t param_id, const char *value); /** Returns true when the value type is an integer. * - * @param self This Security Parameter - * @returns True when value type is integer. + * @param[in] self This Security Parameter + * @return True when value type is integer. */ int BSL_SecParam_IsInt64(const BSL_SecParam_t *self); /** Retrieve integer value of result when this result type is integer. 
WARNING: Always check using BSL_SecParam_IsInt64 * first. * - * @param self This Security Parameter - * @returns Integer value of parameter if present, panics/aborts otherwise. + * @param[in] self This Security Parameter + * @return Integer value of parameter if present, panics/aborts otherwise. */ uint64_t BSL_SecParam_GetAsUInt64(const BSL_SecParam_t *self); @@ -737,9 +743,9 @@ uint64_t BSL_SecParam_GetAsUInt64(const BSL_SecParam_t *self); * using. * * @todo Clarify whether result contains copy or view of content - * @param self This Security Parameter - * @param result Pointer to pre-allocated data into which the bytestring is copied. - * @returns Negative on error. + * @param[in] self This Security Parameter + * @param[in,out] result Pointer to pre-allocated data into which the bytestring is copied. + * @return Negative on error. */ int BSL_SecParam_GetAsBytestr(const BSL_SecParam_t *self, BSL_Data_t *result); 
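Review bot: The `value` description on `BSL_SecParam_InitInt64` was copied from the bytestring initializer: it says "View of bytes, which get copied" while the parameter is a `uint64_t`. Suggest `@param[in] value Integer value stored in this Security Parameter`. In the same hunk `BSL_SecParam_InitStr` has no brief line, and now that the text is said to be copied into `self` it would help to state any length limit the copy enforces, if one exists.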
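Review bot: The `result` documentation still leaves the copy-or-view `@todo` open and says nothing about NUL termination. That matters because the callers visible earlier on this page (BCB_AES_GCM.c, BIB_HMAC_SHA2.c) cast `res.ptr` to `char *` and store it as `key_id`, and the BCB caller prints it with `%s`. I would resolve the todo here and state the contract explicitly, for example `@param[out] result Receives <copy|view> of the bytes; not guaranteed NUL-terminated, use result->len`, with the copy/view choice filled in from the implementation. The BIB caller also ignores the return value and the BCB caller checks it only inside `assert()`, so marking the declaration `BSL_REQUIRE_CHECK` (as CryptoInterface.h does for `BSL_AuthCtx_Init`) is worth considering if that macro is in scope for this header.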
@@ -752,12 +758,12 @@ size_t BSL_SecOper_Sizeof(void); /** Populate a pre-allocated Security Operation with the given values. * - * @param self Non-NULL pointer to this security operation. - * @param context_id ID of the security context - * @param target_block_num Block ID of security target block - * @param sec_block_num Block ID of security block. - * @param sec_type Member of BSL_SecBlock_Type_e enum indicating BIB or BCB - * @param sec_role Member of BSL_SecRole_e enum indicating role. + * @param[in,out] self Non-NULL pointer to this security operation. + * @param[in] context_id ID of the security context + * @param[in] target_block_num Block ID of security target block + * @param[in] sec_block_num Block ID of security block. + * @param[in] sec_type Member of BSL_SecBlock_Type_e enum indicating BIB or BCB + * @param[in] sec_role Member of BSL_SecRole_e enum indicating role. */ void BSL_SecOper_Init(BSL_SecOper_t *self, uint64_t context_id, uint64_t target_block_num, uint64_t sec_block_num, BSL_SecBlockType_e sec_type, BSL_SecRole_e sec_role, BSL_PolicyAction_e failure_code); 
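Review bot: `BSL_SecOper_Init` takes a seventh argument, `BSL_PolicyAction_e failure_code`, that has no `@param` entry after this change. Add `@param[in] failure_code Policy action to apply when this operation fails`; that wording is assumed from the type name and should be confirmed against the policy provider.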
@@ -767,69 +773,69 @@ void BSL_SecOper_Init(BSL_SecOper_t *self, uint64_t context_id, uint64_t target_ * Certain backend implementations may create dynamic data structures that may need to be cleaned up, * so it is essential to call this under all circumstances. * - * @param self Non-NULL pointer to this security operation + * @param[in,out] self Non-NULL pointer to this security operation */ void BSL_SecOper_Deinit(BSL_SecOper_t *self); /** Returns true if internal consistency and sanity checks pass * * @todo Formalize invariants - * @param self This security operation + * @param[in] self This security operation * @return True if consistent, may assert false otherwise. */ bool BSL_SecOper_IsConsistent(const BSL_SecOper_t *self); /** Returns a pointer to the Security Parameter at a given index in the list of all paramters. * @todo Clarify behavior if index is out of range. - * @param self This security operation - * @param index Index of security paramter list to retrieve from - * @returns Pointer to security parameter type at given index. + * @param[in] self This security operation + * @param[in] index Index of security paramter list to retrieve from + * @return Pointer to security parameter type at given index. */ const BSL_SecParam_t *BSL_SecOper_GetParamAt(const BSL_SecOper_t *self, size_t index); /// @brief Get the block number of the security block containing this sec operation -/// @param self This security operation +/// @param[in] self This security operation uint64_t BSL_SecOper_GetSecurityBlockNum(const BSL_SecOper_t *self); /// @brief Get the block number of the target block covered by this security operation -/// @param self This security operation +/// @param[in] self This security operation uint64_t BSL_SecOper_GetTargetBlockNum(const BSL_SecOper_t *self); /** Get the count of parameters contained within this security operation. * * @param self This security operation. - * @returns Count of security parameters. 
+ * @return Count of security parameters. */ size_t BSL_SecOper_CountParams(const BSL_SecOper_t *self); /** Add the given security parameter to this list of parameters. * @todo Clarify pointer/copy semantics. - * @param self This security operation - * @param param Security parameter to include. + * @param[in,out] self This security operation + * @param[in] param Security parameter to include. */ void BSL_SecOper_AppendParam(BSL_SecOper_t *self, const BSL_SecParam_t *param); /** Return true if this security operation's role is SOURCE - * @param self This Security Operation - * @returns boolean + * @param[in] self This Security Operation + * @return boolean */ bool BSL_SecOper_IsRoleSource(const BSL_SecOper_t *self); /** Return true if this security operation's role is Verifier - * @param self This Security Operation - * @returns boolean + * @param[in] self This Security Operation + * @return boolean */ bool BSL_SecOper_IsRoleVerifier(const BSL_SecOper_t *self); /** Return true if this security operation's role is Acceptor - * @param self This Security Operation - * @returns boolean + * @param[in] self This Security Operation + * @return boolean */ bool BSL_SecOper_IsRoleAccepter(const BSL_SecOper_t *self); /** Return true if this security operation is BIB - * @param self This security operation - * @returns boolen + * @param[in] self This security operation + * @return boolen */ bool BSL_SecOper_IsBIB(const BSL_SecOper_t *self); 
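Review bot: `BSL_SecOper_CountParams` keeps a bare `@param self` while every other accessor in this hunk gained `[in]`; it should read `@param[in] self This security operation.` `BSL_SecOper_GetParamAt` still carries the todo about an out-of-range index, and since callers iterate by index it is worth stating the precondition now, e.g. `@param[in] index Must be less than BSL_SecOper_CountParams(self)`, with the actual out-of-range behaviour taken from the backend. `boolen` in the `BSL_SecOper_IsBIB` return line is a typo for `boolean`.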
@@ -843,62 +849,64 @@ size_t BSL_AbsSecBlock_Sizeof(void); /** Populate a pre-allocated Absract Security Block * @todo - Can be backend-only. * - * @param self This ASB - * @param sec_context_id Security Context ID - * @param source_eid Source EID in format native to host BPA. + * @param[in,out] self This ASB + * @param[in] sec_context_id Security Context ID + * @param[in] source_eid Source EID in format native to host BPA. */ void BSL_AbsSecBlock_Init(BSL_AbsSecBlock_t *self, uint64_t sec_context_id, BSL_HostEID_t source_eid); /** Checks internal consistency and sanity of this structure. - * @param self This ASB + * @param[in] self This ASB */ bool BSL_AbsSecBlock_IsConsistent(const BSL_AbsSecBlock_t *self); /** Initialize a pre-allocated ASB with no contents. - * @param self This ASB + * @param[in,out] self This ASB */ void BSL_AbsSecBlock_InitEmpty(BSL_AbsSecBlock_t *self); /** Deinitializes and clears this ASB, clearing and releasing any owned memory. * - * @param self This ASB + * @param[in,out] self This ASB */ void BSL_AbsSecBlock_Deinit(BSL_AbsSecBlock_t *self); /** Prints to LOG INFO * @todo - Can be backend-only. * - * @param self This ASB + * @param[in] self This ASB * @todo Refactor to dump this to a pre-allocated string. */ void BSL_AbsSecBlock_Print(const BSL_AbsSecBlock_t *self); /** Returns true if this ASB contains nothing (i.e., no tarets, params and results) * - * @param self This ASB. + * @param[in] self This ASB. + * @return true if ASB is empty */ bool BSL_AbsSecBlock_IsEmpty(const BSL_AbsSecBlock_t *self); /** Returns true if a given ASB contains the given block number as a security target. * - * @param self This ASB. - * @param target_block_num ID of a block, 0 indicates primary block + * @param[in,out] self This ASB. 
+ * @param[in] target_block_num ID of a block, 0 indicates primary block + * @return true if ASB contains target */ bool BSL_AbsSecBlock_ContainsTarget(const BSL_AbsSecBlock_t *self, uint64_t target_block_num); /** Adds a given block ID as a security target covered by this ASB * @todo - Can be backend-only. * - * @param self This ASB. - * @param target_block_id ID of a block, 0 indicates primary block as usual. + * @param[in,out] self This ASB. + * @param[in] target_block_id ID of a block, 0 indicates primary block as usual. */ void BSL_AbsSecBlock_AddTarget(BSL_AbsSecBlock_t *self, uint64_t target_block_id); /** Add a security parameter to this security block (does NOT copy) * @todo - Can be backend-only. * - * @param self This security block - * @param param Non-Null Security parameter pointer to add to list + * @param[in,out] self This security block + * @param[in] param Non-Null Security parameter pointer to add to list */ void BSL_AbsSecBlock_AddParam(BSL_AbsSecBlock_t *self, const BSL_SecParam_t *param); @@ -906,8 +914,8 @@ void BSL_AbsSecBlock_AddParam(BSL_AbsSecBlock_t *self, const BSL_SecParam_t *par * * @todo - Can be backend-only. * - * @param self This security block - * @param result Non-Null Security result pointer to add to list + * @param[in,out] self This security block + * @param[in] result Non-Null Security result pointer to add to list */ void BSL_AbsSecBlock_AddResult(BSL_AbsSecBlock_t *self, const BSL_SecResult_t *result); 
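Review bot: `BSL_AbsSecBlock_ContainsTarget` is annotated `@param[in,out] self`, but the prototype takes `const BSL_AbsSecBlock_t *self`, so it should be `@param[in] self This ASB.` In the same hunk `BSL_AbsSecBlock_AddParam` is documented as not copying its argument, so the comment should say how long the caller must keep `param` alive. Something like `@param[in] param Non-NULL pointer stored as-is; must outlive this ASB` would do, if that matches the backend.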
@@ -915,16 +923,16 @@ void BSL_AbsSecBlock_AddResult(BSL_AbsSecBlock_t *self, const BSL_SecResult_t *r * * @todo - Can be backend-only. * - * @param self This ASB - * @param outcome Security Operation outcome containing params and results + * @param[in,out] self This ASB + * @param[in] outcome Security Operation outcome containing params and results * @return Negative on error, otherwise count of things removed. */ int BSL_AbsSecBlock_StripResults(BSL_AbsSecBlock_t *self, uint64_t target_block_num); /** Encodes this ASB into a CBOR string into the space pre-allocated indicated by the argument. * - * @param self This ASB. - * @param allocated_target A buffer with allocated space for the encoded CBOR + * @param[in,out] self This ASB. + * @param[in] allocated_target A buffer with allocated space for the encoded CBOR * @return Integer contains number of bytes written to buffer, negative indicates error. * */ @@ -932,8 +940,8 @@ int BSL_AbsSecBlock_EncodeToCBOR(const BSL_AbsSecBlock_t *self, BSL_Data_t alloc /** Decodes and populates this ASB from a CBOR string. * - * @param self This allocated, but uninitialized ASB to populate. - * @param encoded_cbor A buffer containing a CBOR string representing the ASB + * @param[in,out] self This allocated, but uninitialized ASB to populate. + * @param[in] encoded_cbor A buffer containing a CBOR string representing the ASB * @return Negative on error */ int BSL_AbsSecBlock_DecodeFromCBOR(BSL_AbsSecBlock_t *self, BSL_Data_t encoded_cbor); 
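Review bot: The comment above `BSL_AbsSecBlock_StripResults` (the `@@ -915` hunk) still documents `@param[in] outcome`, while the prototype's second parameter is `uint64_t target_block_num`. Adding the direction tag kept the wrong name, so the real parameter remains undocumented. A line such as `@param[in] target_block_num Block number of the target whose results are removed` would match the signature; that wording is inferred from the parameter name and the `@return` line, so confirm it against the implementation.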
@@ -947,21 +955,21 @@ size_t BSL_SecOutcome_Sizeof(void); /** Populate a pre-allocated security outcome struct. * - * @param self Non-Null pointer to this security outcome. - * @param sec_oper Security operation containing the necessary info. - * @param allocation_size Size of working space to allocate. + * @param[in,out] self Non-Null pointer to this security outcome. + * @param[in] sec_oper Security operation containing the necessary info. + * @param[in] allocation_size Size of working space to allocate. */ void BSL_SecOutcome_Init(BSL_SecOutcome_t *self, const BSL_SecOper_t *sec_oper, size_t allocation_size); /** Release any resources owned by this security outcome. * - * @param self Non-Null pointer to this security outcome. + * @param[in,out] self Non-Null pointer to this security outcome. */ void BSL_SecOutcome_Deinit(BSL_SecOutcome_t *self); /** Return true if internal invariants hold * - * @param self This sec outcome. + * @param[in] self This sec outcome. * @return true if invariants hold */ bool BSL_SecOutcome_IsConsistent(const BSL_SecOutcome_t *self); 
@@ -970,21 +978,23 @@ bool BSL_SecOutcome_IsConsistent(const BSL_SecOutcome_t *self); * * @todo Double-check copy semantics. * - * @param self Non-NULL pointer to this security outcome. - * @param sec_result Non-NULL pointer to security result to copy and append. + * @param[in,out] self Non-NULL pointer to this security outcome. + * @param[in] sec_result Non-NULL pointer to security result to copy and append. */ void BSL_SecOutcome_AppendResult(BSL_SecOutcome_t *self, const BSL_SecResult_t *sec_result); /** Get the result at index i. Panics if i is out of range. * - * @param self This outcome - * @param index Index in the list to retrieve + * @param[in] self This outcome + * @param[in] index Index in the list to retrieve + * @return Sec Result at index */ const BSL_SecResult_t *BSL_SecOutcome_GetResultAtIndex(const BSL_SecOutcome_t *self, size_t index); /** Get the number of results * - * @param self this sec outcome + * @param[in] self this sec outcome + * @return number of results in sec outcome */ size_t BSL_SecOutcome_CountResults(const BSL_SecOutcome_t *self); @@ -992,14 +1002,14 @@ size_t BSL_SecOutcome_CountResults(const BSL_SecOutcome_t *self); * * @todo Double-check copy semantics. * - * @param self Non-NULL pointer to this security outcome. - * @param param Non-NULL pointer to security parameter to copy and append. + * @param[in,out] self Non-NULL pointer to this security outcome. + * @param[in] param Non-NULL pointer to security parameter to copy and append. */ void BSL_SecOutcome_AppendParam(BSL_SecOutcome_t *self, const BSL_SecParam_t *param); /** @brief Returns number of parameters in this outcome. * @param[in] self This outcome - * @returns Number of parameters + * @return Number of parameters */ size_t BSL_SecOutcome_CountParams(const BSL_SecOutcome_t *self); 
@@ -1007,8 +1017,8 @@ const BSL_SecParam_t *BSL_SecOutcome_GetParamAt(const BSL_SecOutcome_t *self, si /// @brief Returns true if this (the parameters and results) is contained within the given ASK /// @todo Can move to backend -/// @param self -/// @param outcome +/// @param[in] self +/// @param[in] outcome /// @return bool BSL_SecOutcome_IsInAbsSecBlock(const BSL_SecOutcome_t *self, const BSL_AbsSecBlock_t *abs_sec_block); 
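Review bot: The `///` block for `BSL_SecOutcome_IsInAbsSecBlock` now tags `@param[in] outcome`, but the prototype's second parameter is `abs_sec_block`, and both `@param` lines and the `@return` line carry no description. Suggested lines: `/// @param[in] self This outcome`, `/// @param[in] abs_sec_block ASB to search`, `/// @return true if the parameters and results of this outcome are present in the ASB` (meaning inferred from the `@brief`; confirm against the implementation). The `@brief` says "ASK", which presumably should read "ASB".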
@@ -1024,48 +1034,49 @@ void BSL_SecurityActionSet_Init(BSL_SecurityActionSet_t *self); /** @brief Increment a security failure for this action set * - * @param[in, out] self Pointer to this security action set. + * @param[in,out] self Pointer to this security action set. */ void BSL_SecurityActionSet_IncrError(BSL_SecurityActionSet_t *self); /** @brief Returns count of failures after processing this action set * * @param[in] self Pointer ot this security action set. - * @returns Count of errors. + * @return Count of errors. */ size_t BSL_SecurityActionSet_CountErrors(const BSL_SecurityActionSet_t *self); /** Zeroize, clear, and release itself and any owned resources. * - * @param self This action set. + * @param[in,out] self This action set. */ void BSL_SecurityActionSet_Deinit(BSL_SecurityActionSet_t *self); /** @brief Append a security operation to the security action set * - * @param[in, out] self This security action set. + * @param[in,out] self This security action set. * @param[in] sec_oper Security operation to include. - * @returns 0 on success, negative on error + * @return 0 on success, negative on error */ int BSL_SecurityActionSet_AppendSecOper(BSL_SecurityActionSet_t *self, const BSL_SecOper_t *sec_oper); /** Return true if internal sanity and consistency checks pass * * @param[in] self This action set. + * @return true if action set is consistent */ bool BSL_SecurityActionSet_IsConsistent(const BSL_SecurityActionSet_t *self); /** Count number of security operations present in this policy action set. * - * @param self This action set. + * @param[in] self This action set. * @return Number of operations, 0 indicates no policy matched. */ size_t BSL_SecurityActionSet_CountSecOpers(const BSL_SecurityActionSet_t *self); /** Returns the Security Operation at the given index. 
* - * @param self This action set - * @param index index + * @param[in] self This action set + * @param[in] index index * @return pointer to security operation at given index, asserting false if not in bound */ const BSL_SecOper_t *BSL_SecurityActionSet_GetSecOperAtIndex(const BSL_SecurityActionSet_t *self, size_t index); @@ -1089,7 +1100,7 @@ void BSL_SecurityResponseSet_Init(BSL_SecurityResponseSet_t *self, size_t nopera /** Zeroize itself and release any owned resources * - * @param[in, out] self This response set. + * @param[in,out] self This response set. */ void BSL_SecurityResponseSet_Deinit(BSL_SecurityResponseSet_t *self); @@ -1101,7 +1112,7 @@ bool BSL_SecurityResponseSet_IsConsistent(const BSL_SecurityResponseSet_t *self) /** Return number of responses (operations acted upon) * - * @param self This response set. + * @param[in] self This response set. */ size_t BSL_SecurityResponseSet_CountResponses(const BSL_SecurityResponseSet_t *self); @@ -1114,7 +1125,6 @@ size_t BSL_SecurityResponseSet_CountResponses(const BSL_SecurityResponseSet_t *s * @param[out] output_action_set @preallocated Caller-allocated, zeroed space for action set * @param[in,out] bundle Bundle seeking security operations * @param[in] location Where in the BPA lifecycle this query arises from - * * @return A policy action set, which may contain error codes and other info */ int BSL_PolicyRegistry_InspectActions(const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *output_action_set, @@ -1141,7 +1151,7 @@ struct BSL_PolicyDesc_s * @param[out] output_response Pointer to allocated, zeroed memory into which the response is populated * @param[in,out] bundle Pointer to bundle, which may be modified. * @param[in] action_set Action containing all params and operations. - * + * @return 0 on success, negative on failure. */ int BSL_SecCtx_ExecutePolicyActionSet(BSL_LibCtx_t *lib, BSL_SecurityResponseSet_t *output_response, BSL_BundleRef_t *bundle, const BSL_SecurityActionSet_t *action_set); 
@@ -1166,7 +1176,7 @@ typedef bool (*BSL_SecCtx_Validate_f)(BSL_LibCtx_t *lib, const BSL_BundleRef_t * * @param[in] lib The library context. * @param[in,out] bundle The bundle to modify. * @param[in] sec_oper The security operation to perform. - * @param[in, out] sec_outcome The pre-allocated outcome to populate + * @param[in,out] sec_outcome The pre-allocated outcome to populate * @return 0 if security operation performed successfully. */ typedef int (*BSL_SecCtx_Execute_f)(BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper, diff --git a/src/backend/AbsSecBlock.c b/src/backend/AbsSecBlock.c index 1d06347e..6d84fbf4 100644 --- a/src/backend/AbsSecBlock.c +++ b/src/backend/AbsSecBlock.c @@ -410,7 +410,7 @@ int BSL_AbsSecBlock_DecodeFromCBOR(BSL_AbsSecBlock_t *self, BSL_Data_t encoded_c // This is a failure case - should more clearly return? BSL_LOG_ERR("Unhandled case"); // NOLINTNEXTLINE - exit(1); + return BSL_ERR_DECODING; } const size_t item_end = QCBORDecode_Tell(&asbdec); From ee4e157b182f5150a7460d8f4fc0b7406df9a5e0 Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Fri, 25 Jul 2025 09:07:27 -0400 Subject: [PATCH 5/7] final PR updates --- src/security_context/BIB_HMAC_SHA2.c | 1 - .../DefaultSecContext_Private.h | 1 + test/test_CryptoInterface.c | 32 +++++++++---------- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/src/security_context/BIB_HMAC_SHA2.c b/src/security_context/BIB_HMAC_SHA2.c index 135ae066..9c6b9a02 100644 --- a/src/security_context/BIB_HMAC_SHA2.c +++ b/src/security_context/BIB_HMAC_SHA2.c @@ -111,7 +111,6 @@ int BSLX_BIB_InitFromSecOper(BSLX_BIB_t *self, const BSL_SecOper_t *sec_oper) memset(self, 0, sizeof(*self)); self->sha_variant = -1; self->integrity_scope_flags = -1; - self->key_id = ""; for (size_t param_index = 0; param_index < BSL_SecOper_CountParams(sec_oper); param_index++) { 
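Review bot: In the `src/backend/AbsSecBlock.c` hunk, the `// NOLINTNEXTLINE` that suppressed the lint warning for `exit(1)` now sits directly above `return BSL_ERR_DECODING;`, and the question in `// This is a failure case - should more clearly return?` is answered by this change. Both comments can be dropped, leaving `BSL_LOG_ERR("Unhandled case");` followed by the return. Returning an error rather than terminating the process is the safer behaviour for a decoder that presumably handles CBOR from received bundles. The rest of `BSL_AbsSecBlock_DecodeFromCBOR` is outside the hunk, so check that this early return leaves `self` in a state the caller can safely pass to `BSL_AbsSecBlock_Deinit`, and consider stating that in the header comment, which currently says only `@return Negative on error`.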
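Review bot: With `self->key_id = "";` removed in the `src/security_context/BIB_HMAC_SHA2.c` hunk, the preceding `memset(self, 0, sizeof(*self));` leaves `key_id` as an all-zero (null) pointer whenever the parameter loop finds no key-id parameter, where it was previously an empty string. Any later use that treats the field as a C string, such as a registry lookup or a `const char *keyid` argument, would then receive NULL. The rest of `BSLX_BIB_InitFromSecOper` is outside the hunk, so confirm that a guard such as `if (self->key_id == NULL)` with a negative error return follows the loop, or that every consumer rejects NULL. A missing key ID should fail the integrity operation explicitly rather than reach the crypto layer.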
diff --git a/src/security_context/DefaultSecContext_Private.h b/src/security_context/DefaultSecContext_Private.h index a482ea99..4c3a06c8 100644 --- a/src/security_context/DefaultSecContext_Private.h +++ b/src/security_context/DefaultSecContext_Private.h @@ -62,6 +62,7 @@ BSL_Data_t BSLX_Bytestr_AsData(BSLX_Bytestr_t *self); typedef struct BSLX_BIB_s { + /// @brief set to external pointer which will outloast BIB context const char *key_id; BSL_PrimaryBlock_t primary_block; BSL_CanonicalBlock_t target_block; diff --git a/test/test_CryptoInterface.c b/test/test_CryptoInterface.c index 44788fc9..bc6f9068 100644 --- a/test/test_CryptoInterface.c +++ b/test/test_CryptoInterface.c @@ -201,16 +201,16 @@ void suiteSetUp(void) uint8_t test1[20] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; uint8_t test2[4] = { 0x4a, 0x65, 0x66, 0x65 }; - BSL_Crypto_AddRegistryKey("1", test1, 20); - BSL_Crypto_AddRegistryKey("2", test2, 4); + BSL_Crypto_AddRegistryKey("Key1", test1, 20); + BSL_Crypto_AddRegistryKey("Key2", test2, 4); uint8_t test_128[16] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; uint8_t test_256[32] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; - BSL_Crypto_AddRegistryKey("8", test_256, 32); - BSL_Crypto_AddRegistryKey("9", test_128, 16); + BSL_Crypto_AddRegistryKey("Key8", test_256, 32); + BSL_Crypto_AddRegistryKey("Key9", test_128, 16); } int suiteTearDown(int failures) 
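Review bot: The comment added above `const char *key_id;` in `BSLX_BIB_s` (the `DefaultSecContext_Private.h` hunk) states a lifetime requirement but not who satisfies it. The field is a borrowed pointer, so it dangles if the string's owner is released while the BIB context is still in use. Naming the owner would make the contract checkable, e.g. `/// @brief Borrowed key ID text, not owned or freed here; the security parameter it points into must outlive this BIB context` (the owner is presumed; confirm where the pointer is assigned). That wording also fixes the `outloast` typo. The rest of the struct is outside the hunk.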
@@ -232,20 +232,20 @@ void tearDown(void) // test vectors from RFC 4231 // Test vector 1 -TEST_MATRIX([ 0, 1 ], ["1"], [BSL_CRYPTO_SHA_256], ["4869205468657265"], +TEST_MATRIX([ 0, 1 ], ["Key1"], [BSL_CRYPTO_SHA_256], ["4869205468657265"], ["b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"]) -TEST_MATRIX([ 0, 1 ], ["1"], [BSL_CRYPTO_SHA_384], ["4869205468657265"], +TEST_MATRIX([ 0, 1 ], ["Key1"], [BSL_CRYPTO_SHA_384], ["4869205468657265"], ["afd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea9076ede7f4af152e8b2fa9cb6"]) -TEST_MATRIX([ 0, 1 ], ["1"], [BSL_CRYPTO_SHA_512], ["4869205468657265"], +TEST_MATRIX([ 0, 1 ], ["Key1"], [BSL_CRYPTO_SHA_512], ["4869205468657265"], ["87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914ee" "b61f1702e696c203a126854"]) // Test vector 2 -TEST_MATRIX([ 0, 1 ], ["2"], [BSL_CRYPTO_SHA_256], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], +TEST_MATRIX([ 0, 1 ], ["Key2"], [BSL_CRYPTO_SHA_256], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], ["5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"]) -TEST_MATRIX([ 0, 1 ], ["2"], [BSL_CRYPTO_SHA_384], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], +TEST_MATRIX([ 0, 1 ], ["Key2"], [BSL_CRYPTO_SHA_384], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], ["af45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5e69e2c78b3239ecfab21649"]) -TEST_MATRIX([ 0, 1 ], ["2"], [BSL_CRYPTO_SHA_512], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], +TEST_MATRIX([ 0, 1 ], ["Key2"], [BSL_CRYPTO_SHA_512], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], ["164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34" "d4a6b4b636e070a38bce737"]) void test_hmac_in(int input_case, const char *keyid, BSL_CryptoCipherSHAVariant_e sha_var, const char *plaintext_in, 
@@ -318,7 +318,7 @@ void test_hmac_in(int input_case, const char *keyid, BSL_CryptoCipherSHAVariant_ /** * Test library encrypt using OpenSSL example decrypt */ -TEST_MATRIX([ "plaintext", "0123456789", "" ], [ "8", "9" ]) +TEST_MATRIX([ "plaintext", "0123456789", "" ], [ "Key8", "Key9" ]) void test_encrypt(const char *plaintext_in, const char *keyid) { int res; @@ -340,7 +340,7 @@ void test_encrypt(const char *plaintext_in, const char *keyid) res = BSL_SeqWriter_InitFlat(&writer, &ciphertext, &ct_size); TEST_ASSERT_EQUAL(0, res); - int aes_var = (0 == strcmp(keyid, "8")) ? BSL_CRYPTO_AES_256 : BSL_CRYPTO_AES_128; + int aes_var = (0 == strcmp(keyid, "Key8")) ? BSL_CRYPTO_AES_256 : BSL_CRYPTO_AES_128; BSL_Cipher_t ctx; const uint8_t *ekey; @@ -377,7 +377,7 @@ void test_encrypt(const char *plaintext_in, const char *keyid) TEST_ASSERT_EQUAL_INT(0, BSLB_Crypto_GetRegistryKey(keyid, &key, NULL)); TEST_ASSERT_NOT_NULL(key); - const EVP_CIPHER *cipher = (0 == strcmp(keyid, "8")) ? EVP_aes_256_gcm() : EVP_aes_128_gcm(); + const EVP_CIPHER *cipher = (0 == strcmp(keyid, "Key8")) ? EVP_aes_256_gcm() : EVP_aes_128_gcm(); res = gcm_decrypt(cipher, ciphertext, ct_size, aad, 2, (unsigned char *)tag, (unsigned char *)key, iv, iv_len, plaintext, &plaintext_len); TEST_ASSERT_EQUAL(0, res); @@ -394,7 +394,7 @@ void test_encrypt(const char *plaintext_in, const char *keyid) /** * Test library decrypt using OpenSSL example encrypt */ -TEST_MATRIX([ "plaintext", "0123456789", "" ], [ "8", "9" ]) +TEST_MATRIX([ "plaintext", "0123456789", "" ], [ "Key8", "Key9" ]) void test_decrypt(const char *plaintext_in, const char *keyid) { int res; 
@@ -414,7 +414,7 @@ void test_decrypt(const char *plaintext_in, const char *keyid) TEST_ASSERT_EQUAL_INT(0, BSLB_Crypto_GetRegistryKey(keyid, &key, NULL)); TEST_ASSERT_NOT_NULL(key); - const EVP_CIPHER *cipher = (0 == strcmp(keyid, "8")) ? EVP_aes_256_gcm() : EVP_aes_128_gcm(); + const EVP_CIPHER *cipher = (0 == strcmp(keyid, "Key8")) ? EVP_aes_256_gcm() : EVP_aes_128_gcm(); res = gcm_encrypt(cipher, (unsigned char *)plaintext_in, strlen(plaintext_in), aad, 2, (unsigned char *)key, iv, iv_len, ciphertext, &ciphertext_len, tag); TEST_ASSERT_EQUAL(0, res); @@ -431,7 +431,7 @@ void test_decrypt(const char *plaintext_in, const char *keyid) res = BSL_SeqWriter_InitFlat(&writer, &plaintext, &pt_size); TEST_ASSERT_EQUAL(0, res); - int aes_var = (0 == strcmp(keyid, "8")) ? BSL_CRYPTO_AES_256 : BSL_CRYPTO_AES_128; + int aes_var = (0 == strcmp(keyid, "Key8")) ? BSL_CRYPTO_AES_256 : BSL_CRYPTO_AES_128; const uint8_t *ckey; size_t ckeylen; From 06e4ea0761dc45b2964d34fbbd90b0cfdca08202 Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Fri, 25 Jul 2025 09:13:07 -0400 Subject: [PATCH 6/7] apply format --- src/BPSecLib_Private.h | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/src/BPSecLib_Private.h b/src/BPSecLib_Private.h index 506eeb32..faf25c57 100644 --- a/src/BPSecLib_Private.h +++ b/src/BPSecLib_Private.h @@ -276,10 +276,7 @@ typedef struct BSL_Data_s /** Static initializer for a data store. * @sa BSL_Data_Init() */ -#define BSL_DATA_INIT_NULL \ - { \ - .owned = false, .ptr = NULL, .len = 0 \ - } +#define BSL_DATA_INIT_NULL { .owned = false, .ptr = NULL, .len = 0 } /** Initialize an empty data struct. * 
@@ -390,10 +387,7 @@ int BSL_SeqWriter_Put(BSL_SeqWriter_t *obj, const uint8_t *buf, size_t *bufsize) /** Static initializer for an invalid ::BSL_HostEID_t. * Even after this, BSL_HostEID_Init() must be used to get into a valid state. */ -#define BSL_HOSTEID_INIT_INVALID \ - { \ - .handle = NULL \ - } +#define BSL_HOSTEID_INIT_INVALID { .handle = NULL } /** Initialize an abstract EID. * @@ -440,10 +434,7 @@ int BSL_HostEID_DecodeFromCBOR(BSL_HostEID_t *eid, void *decoder); /** Static initializer for an invalid ::BSL_HostEIDPattern_t. * Even after this, BSL_HostEIDPattern_Init() must be used to get into a valid state. */ -#define BSL_HOSTEID_INIT_INVALID \ - { \ - .handle = NULL \ - } +#define BSL_HOSTEID_INIT_INVALID { .handle = NULL } /** Initialize an abstract EID Pattern. * @@ -987,7 +978,7 @@ void BSL_SecOutcome_AppendResult(BSL_SecOutcome_t *self, const BSL_SecResult_t * * * @param[in] self This outcome * @param[in] index Index in the list to retrieve - * @return Sec Result at index + * @return Sec Result at index */ const BSL_SecResult_t *BSL_SecOutcome_GetResultAtIndex(const BSL_SecOutcome_t *self, size_t index); From e9246045cd802184e9db7c4d6e34079bfec8c011 Mon Sep 17 00:00:00 2001 From: Brian Sipos Date: Fri, 25 Jul 2025 09:52:46 -0400 Subject: [PATCH 7/7] Formatting on CI platform --- src/BPSecLib_Private.h | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/BPSecLib_Private.h b/src/BPSecLib_Private.h index faf25c57..6bcbfd76 100644 --- a/src/BPSecLib_Private.h +++ b/src/BPSecLib_Private.h @@ -276,7 +276,10 @@ typedef struct BSL_Data_s /** Static initializer for a data store. * @sa BSL_Data_Init() */ -#define BSL_DATA_INIT_NULL { .owned = false, .ptr = NULL, .len = 0 } +#define BSL_DATA_INIT_NULL \ + { \ + .owned = false, .ptr = NULL, .len = 0 \ + } /** Initialize an empty data struct. * 
@@ -387,7 +390,10 @@ int BSL_SeqWriter_Put(BSL_SeqWriter_t *obj, const uint8_t *buf, size_t *bufsize) /** Static initializer for an invalid ::BSL_HostEID_t. * Even after this, BSL_HostEID_Init() must be used to get into a valid state. */ -#define BSL_HOSTEID_INIT_INVALID { .handle = NULL } +#define BSL_HOSTEID_INIT_INVALID \ + { \ + .handle = NULL \ + } /** Initialize an abstract EID. * @@ -434,7 +440,10 @@ int BSL_HostEID_DecodeFromCBOR(BSL_HostEID_t *eid, void *decoder); /** Static initializer for an invalid ::BSL_HostEIDPattern_t. * Even after this, BSL_HostEIDPattern_Init() must be used to get into a valid state. */ -#define BSL_HOSTEID_INIT_INVALID { .handle = NULL } +#define BSL_HOSTEID_INIT_INVALID \ + { \ + .handle = NULL \ + } /** Initialize an abstract EID Pattern. *